164 matches found
[SECURITY] [DLA 4007-1] python-tornado security update
Debian LTS Advisory DLA-4007-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert January 01, 2025 https://wiki.debian.org/LTS Package : python-tornado Version : 6.1.0-1+deb11u1 CVE ID : CVE-2023-28370 CVE-2024-52804 Debian Bug : 1036875 1088112 Tornado is a scalable,...
[SECURITY] [DSA 5829-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5829-1 [email protected] https://www.debian.org/security/ Andres Salomon December 12, 2024 https://www.debian.org/security/faq -...
CVE-2024-48916
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
Debian dsa-5809 : php-symfony - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5809 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5809-1 [email protected] https://www.debian.org/securit...
[SECURITY] [DSA 5800-1] xorg-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5800-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 29, 2024 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5784-1] oath-toolkit security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5784-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 04, 2024 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5771-1] php-twig security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2024 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5759-1] python3.11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5759-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 27, 2024 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5712-1] ffmpeg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5712-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2024 https://www.debian.org/security/faq -...
Vulnerability fixed in Expat
A vulnerability has been fixed in Expat. A malicious person can cause a use-after-free in libexpat via the doContent function in xmlparse.c. Misuse of the vulnerability potentially results in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Use...
Vulnerability fixed in HAProxy
A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...
Vulnerability fixed in containerd
Cloud Native Computing Foundation CNCF has fixed a vulnerability fixed in containerd as used by Kubernetes, among others and Docker. A malicious party could exploit the vulnerability to gain access to sensitive data. To do so, the malicious party persuades the victim to use a rogue container imag...
debian 安全漏洞
debian Debian GUN/Linux is a Linux operating system from the Debian Project. The system has faster and easier memory management, open source software support, good system security, and high stability. debian has a security vulnerability, which can lead to private key leaks. This issue is fixed in...
Vulnerabilities fixed in OpenSSL
The developers of OpenSSL have fixed two vulnerabilities. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to cause a denial-of-service, or potentially gain access to sensitive data, including possibly private keys currently actively in use on the system. Misu...
Vulnerabilities fixed in Tomcat
Debian has fixed vulnerabilities in Tomcat. The vulnerabilities allow a remote malicious person to circumvent a to bypass a security measure. -= Debian =- Debian has made updates to tomcat available for Debian 10.0 Buster to fix the vulnerability. You can install the custom packages by using...
Vulnerability fixed in MIT Kerberos
A vulnerability has been fixed in krb5, part of MIT's Kerberos. A malicious party could potentially exploit the vulnerability to cause a denial-of-service on the KDC process through a specially prepared request. -= Debian =- Debian has made updates to krb5 available for Debian 10.0 Buster to fix...
SUSE-SU-2021:1845-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in clientwork bsc1184521. - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied o...
SUSE-SU-2021:0551-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges...
Vulnerability fixed in OpenLDAP
A vulnerability has been fixed in OpenLDAP. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service attack. The developers of OpenLDAP have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in PHP
Several vulnerabilities have been fixed in PHP. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data -= Debian =- Debian has made updat...