Debian Linux Security Advisory 5066-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.
06fe6a239e4a0b70fe9ff726baf6486b9f36b1ff6318001480327005363f19d9
Debian Linux Security Advisory 5067-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in information disclosure or denial of service.
0484f18bed972d71f7df53edb8f4ef294019db03c31c92c45a5da5d8c6a8bcb6
Debian Linux Security Advisory 5068-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
83e824ad1d34e69303e2416d84b6ac09d82cd6ee5295728b9da45a9afc1d7955
Debian Linux Security Advisory 5069-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
1e379d99e51e240d11a38bb3c97e078979a6a30fadbcc6e5288eaf04dd9572af
Debian Linux Security Advisory 5070-1 - CVE-2021-4122
7339a6a083baba45995620f30ca40190fa139930b7c05330150961e3e77cff15
Debian Linux Security Advisory 5071-1 - Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
c65ef5714b1203bc675e8b5399a8cb9046a4536959aeacea4b226f71b4957cce
Debian Linux Security Advisory 5072-1 - Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
5aa61912346393ec6e1bb0438a11ab639ce2ce1c44fde0f5c401cc429a2db952
Debian Linux Security Advisory 5073-1 - Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
2a5928c2c95034b476596185df810d0f37c78feccaaac4aebbc933ac64290cb4
Debian Linux Security Advisory 5074-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
6b3407661d40a30199696dab9bda0cff90fdb0550c90f49d70d35f995637d300
Debian Linux Security Advisory 5075-1 - Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack against a Minetest server. If user input is passed directly to minetest.deserialize without serializing it first, a malicious user could run Lua code in the server environment.
8cdd9fdeb60db676b6890c8676fa29f99f832d9ba45c362267f9a26440d4d9dc
Debian Linux Security Advisory 5076-1 - Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can be exploited through various attack vectors, most notably through the H2 Console and by loading custom classes from remote servers through JNDI. The H2 console is a developer tool and not required by any reverse-dependency in Debian. It has been disabled in (old)stable releases. Database developers are advised to use at least version 2.1.210-1, currently available in Debian unstable.
602fbf289f0a4645af55ca95b395d714f480f6c820bc52e484aa494076a698fc
Debian Linux Security Advisory 5077-1 - Multiple security issues were discovered in LibreCAD, an application for computer aided design (CAD), which could result in denial of service or the execution of arbitrary code if a malformed CAD file is opened.
afc775f5db0c47cdcf5886354da7a08cf0a82bcf11ad1a79e57ab58d53121383
Debian Linux Security Advisory 5078-1 - It was discovered that zsh, a powerful shell and scripting language, did not prevent recursive prompt expansion. This would allow an attacker to execute arbitrary commands in a user's shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name.
602ee7c93d7aaf91206a9ab27b951e0acda36e1dc3ea481d1b2e907673a0bba8
Debian Linux Security Advisory 5079-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
208b881562d41ad7ea06c546595de543110cc6c9bed23b923cf1574561b46ec0
Debian Linux Security Advisory 5080-1 - Multiple vulnerabilities were discovered in snapd, a daemon and tooling that enable Snap packages, which could result in bypass of access restrictions or privilege escalation.
7aa8df4f541b162dac303b93aaa55309b14be4e5e525a23d7c6f864f2333f2d1
Debian Linux Security Advisory 5081-1 - Reginaldo Silva discovered a (Debian-specific) Lua sandbox escape in Redis, a persistent key-value database.
24bea18a7ed5c46714df1e7fdd4207accfb76d034120ddde8eb85452b1cc49e8
Debian Linux Security Advisory 5082-1 - Two security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in information disclosure or denial of service.
0d3f1a5fe1e49457b4ad5606bb3a59b6b219551a7056119efecb97680d9f7506
Debian Linux Security Advisory 5083-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.
5fceef4c8cd38a848ec306ff10e8b3165efd374cb22554eaa075d16353c3fc67
Debian Linux Security Advisory 5084-1 - The following vulnerabilities have been discovered in the WPE WebKit web engine.
a15e8e3bbcf0339e99ef32ba2a6eb4b639b2b461d100788facd2371884643c33
Debian Linux Security Advisory 5085-1 - Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
0a1c5c3e3f1598ea66cbd52fa5a77ab866124388437e58a6c8661edb8f48157e
Debian Linux Security Advisory 5086-1 - An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message.
571fa77f76dcf78551867c4f943fb1e287a30d7b51caa18a8430dcf810222e6c
Debian Linux Security Advisory 5087-1 - It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for privilege escalation.
410b3b79060f1fcbba45f2a81cc0b6deac35652c246b8334e6570b6df4c9e79b
Ubuntu Security Notice 5307-1 - Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10.
93c74c6aff190d655abe77b615cbb1fdb9e7fd27501547e3980eeee5e03af9e9
Ubuntu Security Notice 5306-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4707e6455db6e67f13deff36f5a237a548085e428fab6e3fa9ad01323dd3f307
Ubuntu Security Notice 5305-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
815bfa1ab915305e12d2a8aa42fa36c26e97c9bb08144e2f919e5d498502d721