Debian Linux Security Advisory 5066-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.
06fe6a239e4a0b70fe9ff726baf6486b9f36b1ff6318001480327005363f19d9Debian Linux Security Advisory 5067-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in information disclosure or denial of service.
0484f18bed972d71f7df53edb8f4ef294019db03c31c92c45a5da5d8c6a8bcb6Debian Linux Security Advisory 5068-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
83e824ad1d34e69303e2416d84b6ac09d82cd6ee5295728b9da45a9afc1d7955Debian Linux Security Advisory 5069-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
1e379d99e51e240d11a38bb3c97e078979a6a30fadbcc6e5288eaf04dd9572afDebian Linux Security Advisory 5070-1 - CVE-2021-4122
7339a6a083baba45995620f30ca40190fa139930b7c05330150961e3e77cff15Debian Linux Security Advisory 5071-1 - Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
c65ef5714b1203bc675e8b5399a8cb9046a4536959aeacea4b226f71b4957cceDebian Linux Security Advisory 5072-1 - Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
5aa61912346393ec6e1bb0438a11ab639ce2ce1c44fde0f5c401cc429a2db952Debian Linux Security Advisory 5073-1 - Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
2a5928c2c95034b476596185df810d0f37c78feccaaac4aebbc933ac64290cb4Debian Linux Security Advisory 5074-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
6b3407661d40a30199696dab9bda0cff90fdb0550c90f49d70d35f995637d300Debian Linux Security Advisory 5075-1 - Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack against a Minetest server or if user input is passed directly to minetest.deserialize without serializing it first, then a malicious user could run Lua code in the server environment.
8cdd9fdeb60db676b6890c8676fa29f99f832d9ba45c362267f9a26440d4d9dcDebian Linux Security Advisory 5076-1 - Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can be exploited through various attack vectors, most notably through the H2 Console and by loading custom classes from remote servers through JNDI. The H2 console is a developer tool and not required by any reverse-dependency in Debian. It has been disabled in (old)stable releases. Database developers are advised to use at least version 2.1.210-1, currently available in Debian unstable.
602fbf289f0a4645af55ca95b395d714f480f6c820bc52e484aa494076a698fcDebian Linux Security Advisory 5077-1 - Multiple security issues were discovered in LibreCAD, an application for computer aided design (CAD) which could result in denial of service or the execution of arbitrary code if a malformed CAD file is opened.
afc775f5db0c47cdcf5886354da7a08cf0a82bcf11ad1a79e57ab58d53121383Debian Linux Security Advisory 5078-1 - It was discovered that zsh, a powerful shell and scripting language, did not prevent recursive prompt expansion. This would allow an attacker to execute arbitrary commands into a user's shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name.
602ee7c93d7aaf91206a9ab27b951e0acda36e1dc3ea481d1b2e907673a0bba8Debian Linux Security Advisory 5079-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
208b881562d41ad7ea06c546595de543110cc6c9bed23b923cf1574561b46ec0Debian Linux Security Advisory 5080-1 - Multiple vulnerabilties were discovered in snapd, a daemon and tooling that enable Snap packages, which could result in bypass of access restrictions or privilege escalation.
7aa8df4f541b162dac303b93aaa55309b14be4e5e525a23d7c6f864f2333f2d1Debian Linux Security Advisory 5081-1 - Reginaldo Silva discovered a (Debian-specific) Lua sandbox escape in Redis, a persistent key-value database.
24bea18a7ed5c46714df1e7fdd4207accfb76d034120ddde8eb85452b1cc49e8Debian Linux Security Advisory 5082-1 - Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service.
0d3f1a5fe1e49457b4ad5606bb3a59b6b219551a7056119efecb97680d9f7506Debian Linux Security Advisory 5083-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.
5fceef4c8cd38a848ec306ff10e8b3165efd374cb22554eaa075d16353c3fc67Debian Linux Security Advisory 5084-1 - The following vulnerabilities have been discovered in the WPE WebKit web engine.
a15e8e3bbcf0339e99ef32ba2a6eb4b639b2b461d100788facd2371884643c33Debian Linux Security Advisory 5085-1 - Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
0a1c5c3e3f1598ea66cbd52fa5a77ab866124388437e58a6c8661edb8f48157eDebian Linux Security Advisory 5086-1 - An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message.
571fa77f76dcf78551867c4f943fb1e287a30d7b51caa18a8430dcf810222e6cDebian Linux Security Advisory 5087-1 - It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for privilege escalation.
410b3b79060f1fcbba45f2a81cc0b6deac35652c246b8334e6570b6df4c9e79bUbuntu Security Notice 5307-1 - Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10.
93c74c6aff190d655abe77b615cbb1fdb9e7fd27501547e3980eeee5e03af9e9Ubuntu Security Notice 5306-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4707e6455db6e67f13deff36f5a237a548085e428fab6e3fa9ad01323dd3f307Ubuntu Security Notice 5305-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
815bfa1ab915305e12d2a8aa42fa36c26e97c9bb08144e2f919e5d498502d721
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed