[SECURITY] [DLA 4151-1] golang-github-gorilla-csrf security update
Debian LTS Advisory DLA-4151-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura May 01, 2025 https://wiki.debian.org/LTS -...
Debian dla-4079 : openvpn - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4079 advisory. Debian LTS Advisory DLA-4079-2 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DSA-5828-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerability fixed in Ghostscript
Artifex has fixed a vulnerability in Ghostscript. A malicious party could exploit the vulnerability to execute arbitrary commands with the permissions of the Ghostscript process. To do this, the malicious party must trick the victim into opening a rogue file...
Vulnerability fixed in PostgreSQL
The developers of PostgreSQL have fixed a vulnerability in PostgreSQL. It was found that certain commands such as Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER and pg_amcheck do not handle permissions correctly, allowing a user to execute these commands outside the scop...
Vulnerabilities fixed in Expat
Vulnerabilities have been fixed in Expat. Exploiting these vulnerabilities in combination allows a remote malicious person to execute arbitrary code or cause a denial-of-service. Expat's developers have made updates available to address the vulnerabilities. For more information, see:...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to system data; Increased user privileges. The...
Vulnerability fixed in redis
A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian-specific configuration for the...
Vulnerabilities fixed in Mailman
Several vulnerabilities have been fixed in Mailman, a web-based mailing list manager, that can be exploited to perform a cross-site request forgery (CSRF) attack. A malicious party can exploit these vulnerabilities to obtain elevated privileges or gain access to application data. -= Debian =- Debia...
Vulnerabilities fixed in Ansible
Vulnerabilities have been fixed in Ansible. The vulnerabilities potentially enable an authenticated malicious person to perform attacks that result in the following categories of damage: Remote code execution (User Rights); Access to sensitive data; Access to system data; Increased user privileges. -=...
Vulnerabilities fixed in LDB
Several vulnerabilities have been fixed in LDB. LDB is an LDAP-like embedded database and is used by, among other things, Samba. An unauthenticated remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on LDB. This...
Vulnerability fixed in SpamAssassin
The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...
Vulnerabilities fixed in Node.js
Node.js developers have fixed vulnerabilities. The vulnerabilities allow an unauthorized remote malicious person to cause a denial-of-service and to bypass a security measure. -= Debian =- Debian has made updates to nodejs available to address the vulnerabilities. You can insta...
Vulnerabilities fixed in OpenLDAP
Vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service. The developers of OpenLDAP have released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in Dovecot
A malicious party could exploit the vulnerabilities to cause a denial-of-service and to read e-mail from other users. Dovecot has released updates to fix the vulnerabilities. For more information, see the following pages: CVE-2020-24386:...
Multiple vulnerabilities fixed in Squid
The developers of Squid have fixed several vulnerabilities in Squid proxy. An unauthenticated remote malicious person can exploit the vulnerabilities to cause a denial-of-service, access sensitive data or execute arbitrary code with application privileges. For the...
Vulnerabilities fixed in SpamAssassin
Vulnerabilities have been fixed in SpamAssassin. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code under application privileges. The remote attack is significantly more difficult to execute than a local attack. The attack takes place by adding to a...
Vulnerabilities fixed in libSSH2
There are vulnerabilities in libSSH2. LibSSH2 is a client-side C library for implementing the SSH2 protocol. A malicious person in control of a compromised SSH server can construct a follow-up attack on systems that have connected to the compromised SSH server. Misuse could potentially lead to th...
CVE-2016-8685
The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image...
TrustedSec Attack Platform: TAP
TAP is a remote penetration testing platform builder. For folks in the security industry, traveling oftentimes becomes a burden and adds a ton of cost to the customer. TAP was designed to make the deployment of these boxes super simple and create a self-healing and stable platform to deploy remo...