[SECURITY] [DLA 2575-1] firefox-esr security update
Debian LTS Advisory DLA-2575-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 25, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2573-1 : libzstd security update
It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions. For Debian 9 stretch, this problem has been fixed in version...
Debian DLA-2568-1 : bind9 security update
It was discovered that there was a buffer overflow attack in the bind9 DNS server caused by an issue in the GSSAPI 'Generic Security Services' security policy negotiation. For Debian 9 'Stretch', this problem has been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u8. We recommend that you upgrade yo...
Debian DLA-2572-1 : wpa security update
An issue has been found in wpa, a set of tools to support WPA and WPA2 IEEE 802.11i. Missing validation of data can result in a buffer over-write, which might lead to a DoS of the wpasupplicant process or potentially arbitrary code execution. On request, together with this upload support for...
Debian DLA-2570-1 : screen security update
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. For Debian 9 stretch, this problem has been fixed in version 4.5.0-6+deb9u1. We...
Debian DLA-2571-1 : openvswitch security update
Several issues have been found in openvswitch, a production quality, multilayer, software-based, Ethernet virtual switch. CVE-2020-35498 Denial of service attacks, in which crafted network packets could cause the packet lookup to ignore network header fields from layers 3 and 4. The crafted netwo...
Debian DLA-2564-1 : php-horde-text-filter security update
Alex Birnberg discovered a cross-site scripting (XSS) vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user's mailbox by sending a crafted e-mail. CVE-2021-26929 An XSS issue was discovered in Horde Groupware Webmail Edition...
[SECURITY] [DLA 2573-1] libzstd security update
Debian LTS Advisory DLA-2573-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 20, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2572-1] wpa security update
Debian LTS Advisory DLA-2572-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 20, 2021 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DLA-2570-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 2568-1] bind9 security update
Debian LTS Advisory DLA-2568-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 19, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2566-1 : libbsd security update
An issue has been found in libbsd, a library with utility functions from BSD systems. A non-NUL terminated symbol name in the string table might result in an out-of-bounds read. For Debian 9 stretch, this problem has been fixed in version 0.8.3-1+deb9u1. We recommend that you upgrade your libbsd...
Debian DLA-2560-1 : qemu security update
Several vulnerabilities were discovered in QEMU, a fast processor emulator notably used in KVM and Xen HVM virtualization. An attacker could trigger a denial of service (DoS), information leak, and possibly execute arbitrary code with the privileges of the QEMU process on the host. CVE-2020-15469 A...
Debian: Security Advisory (DLA-2562-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DLA-2563-1 : openssl security update
It was discovered that there were two issues in the openssl cryptographic system: - CVE-2021-23840: Prevent an issue where 'Digital EnVeloPe' (EVP)-related calls could cause applications to behave incorrectly or even crash. - CVE-2021-23841: Prevent an issue in the X509 certificate parsing caused ...
Debian DLA-2567-1 : unrar-free security update
Several issues have been found in unrar-free, an unarchiver for .rar files. CVE-2017-14120 This CVE is related to a directory traversal vulnerability for RAR v2 archives. CVE-2017-14121 This CVE is related to NULL pointer dereference flaw triggered by a specially crafted RAR archive. CVE-2017-141...
Debian DLA-2565-1 : openssl1.0 security update
It was discovered that there were two issues in the 1.0 branch of the OpenSSL cryptographic system: - CVE-2021-23840: Prevent an issue where 'Digital EnVeloPe' (EVP)-related calls could cause applications to behave incorrectly or even crash. - CVE-2021-23841: Prevent an issue in the X509 certifica...
Debian DLA-2562-1 : mumble security update
It was discovered that there was a remote code execution vulnerability in mumble, a VoIP client commonly used for group chats. The exploit could have been triggered by a maliciously crafted URL on the server list. For Debian 9 'Stretch', this problem has been fixed in version...
[SECURITY] [DLA 2567-1] unrar-free security update
Debian LTS Advisory DLA-2567-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 18, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2566-1] libbsd security update
Debian LTS Advisory DLA-2566-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 18, 2021 https://wiki.debian.org/LTS -...