111 matches found
CLSA-2024-1727288271 Fix CVE(s): CVE-2021-37370, CVE-2021-37371, CVE-2024-37370, CVE-2024-37371
SECURITY UPDATE: fix GSS vulnerabilities - debian/patches/CVE-2021-37370.patch: prevent modification of Extra Count field in GSS krb5 wrap CFX wrap token to avoid appearing truncated to application header - debian/patches/CVE-2021-37371.patch: fix invalid memory reads during GSS message token...
CLSA-2024-1723223824 Fix CVE(s): CVE-2024-38428
SECURITY UPDATE: Insecure behavior with semicolons in URI userinfo - debian/patches/CVE-2024-38428.patch: Properly re-implement userinfo parsing rfc2396 to fix outdated RFC implementation - CVE-2024-38428...
CLSA-2024-1719569368 pam: Fix of CVE-2024-22365
CVE-2024-22365: use ODIRECTORY to prevent local DoS situations...
CLSA-2024-1715673429 less: Fix of CVE-2024-32487
Fix CVE-2024-32487: filename.c: quoting mishandling...
AZL-35879 CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-16
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
CLSA-2024-1709563071 Fix CVE(s): CVE-2023-51766
SECURITY UPDATE: SMTP smuggling because of . support - debian/patches/CVE-2023-51766.patch: reject "dot, LF" as ending data phase. Testcase for "smtp smuggling". - CVE-2023-51766...
CLSA-2024-1708427752 Fix CVE(s): CVE-2023-48795
Fix: possible segfault in the CVE-2023-48795 fix - debian/patches/CVE-2023-48795-post-fix.patch...
CLSA-2024-1707419801 Fix CVE(s): CVE-2023-5981
SECURITY UPDATE: timing side-channel in the RSA-PSK ClientKeyExchange - debian/patches/nettle-pk-randomness-level.patch: nettle/pk use the appropriate level of randomness for each operation. - debian/patches/pk-gnutlsswitchlibstate.patch: pk always use gnutlsswitchlibstate. -...
CLSA-2023-1703612912 openssh: Fix of CVE-2023-51385
CVE-2023-51385: ban user/hostnames with most shell metacharacters in command line...
CLSA-2023-1701971295 Fix CVE(s): CVE-2023-40217
SECURITY UPDATE: TLS handshake bypass - debian/patches/CVE-2023-40217.patch: Check for & avoid the ssl pre-close flaw. Update SSL tests - CVE-2023-40217...
CLSA-2023-1699468875 Fix CVE(s): CVE-2022-48560
SECURITY UPDATE: posible crash in heapq with custom comparison operators - debian/patches/CVE-2022-48560.patch: disallow releasing heap items during a comparison callback - CVE-2022-48560...
CLSA-2023-1698312539 Fix CVE(s): CVE-2023-5441, CVE-2023-5344
SECURITY UPDATE: a fix of buffer-overflow in truncstring - debian/patches/CVE-2023-5344.patch - CVE-2023-5344 SECURITY UPDATE: segfault in exmode - debian/patches/CVE-2023-5441.patch - CVE-2023-5441...
CLSA-2023-1697576053 Fix CVE(s): CVE-2023-4504
SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2023-4504.patch: check for end of buffer if there is an escaped character - CVE-2023-4504...
CLSA-2023-1697575950 Fix CVE(s): CVE-2023-4504
SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2023-4504.patch: check for end of buffer if there is an escaped character - CVE-2023-4504...
CLSA-2023-1693904973 Fix CVE(s): CVE-2022-48174
SECURITY UPDATE: unlikely stack overflow vulnerability - debian/patches/CVE-2022-48174.patch: break if a number string containing invalid characters - CVE-2022-48174...
DEBIAN-CVE-2023-39950
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
CLSA-2023-1689009273 Fix CVE(s): CVE-2023-32324
SECURITY UPDATE: a heap buffer overflow vulnerability - debian/patches/CVE-2023-32324.patch: fix cupsstrlcpy to exit immideately if a length of the source string is zero - CVE-2023-32324...
CLSA-2023-1687469258 Fix CVE(s): CVE-2022-34903
SECURITY UPDATE: buffer overflow allows for signature spoofing - debian/patches/CVE-2022-34903.patch: always use a break to terminate the escape detection loop. - CVE-2022-34903...
CLSA-2023-1685972217 Fix CVE(s): CVE-2023-2609
SECURITY UPDATE: NULL pointer dereference in getregister - debian/patches/CVE-2023-2609.patch: Check "yarray" is not NULL - CVE-2023-2609...
CLSA-2023-1685380362 Fix CVE(s): CVE-2023-33204, CVE-2022-39377
SECURITY UPDATE: a possible overflow because of an incomplete fix of CVE-2022-39377 - debian/patches/CVE-2023-33204.patch: check an overflow and exit if it be - CVE-2023-33204...