💾 Archived View for data.konfusator.de › feeds › dsa.gmi captured on 2024-05-10 at 10:46:36. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-03-21)

➡️ Next capture (2024-05-12)

🚧 View Differences

-=-=-=-=-=-=-

Debian Security

Debian Security Advisories

Zuletzt aktualisiert: 2024-05-10T11:33:56Z

DSA-5686-1 dav1d - security update

2024-05-09

Nick Galloway discovered an integer overflow in dav1d, a fast and small

AV1 video stream decoder which could result in memory corruption.

https://security-tracker.debian.org/tracker/DSA-5686-1

Mehr

DSA-5682-2 glib2.0 - regression update

2024-05-09

The update for glib2.0 released as DSA 5682-1 caused a regression in

ibus affecting text entry with non-trivial input methods. Updated

glib2.0 packages are available to correct this issue.

https://security-tracker.debian.org/tracker/DSA-5682-2

Mehr

DSA-5685-1 wordpress - security update

2024-05-08

Several security vulnerabilities have been discovered in Wordpress, a popular

content management framework, which may lead to exposure of sensitive

information to an unauthorized actor in WordPress or allowing unauthenticated

attackers to discern the email addresses of users who have published public

posts on an affected website via an Oracle style attack.

Furthermore this update resolves a possible cross-site-scripting vulnerability,

a PHP File Upload bypass via the plugin installer and a possible remote code

execution vulnerability which requires an attacker to control all the

properties of a deserialized object though.

https://security-tracker.debian.org/tracker/DSA-5685-1

Mehr

DSA-5684-1 webkit2gtk - security update

2024-05-09

The following vulnerabilities have been discovered in the WebKitGTK

web engine:

CVE-2023-42843

Kacper Kwapisz discovered that visiting a malicious website may

lead to address bar spoofing.

CVE-2023-42950

Nan Wang and Rushikesh Nandedkar discovered that processing

maliciously crafted web content may lead to arbitrary code

execution.

CVE-2023-42956

SungKwon Lee discovered that processing web content may lead to a

denial-of-service.

CVE-2024-23252

anbu1024 discovered that processing web content may lead to a

denial-of-service.

CVE-2024-23254

James Lee discovered that a malicious website may exfiltrate audio

data cross-origin.

CVE-2024-23263

Johan Carlsson discovered that processing maliciously crafted web

content may prevent Content Security Policy from being enforced.

CVE-2024-23280

An anonymous researcher discovered that a maliciously crafted

webpage may be able to fingerprint the user.

CVE-2024-23284

Georg Felber and Marco Squarcina discovered that processing

maliciously crafted web content may prevent Content Security

Policy from being enforced.

https://security-tracker.debian.org/tracker/DSA-5684-1

Mehr

DSA-5683-1 chromium - security update

2024-05-08

Security issues were discovered in Chromium, which could result

in the execution of arbitrary code, denial of service or information

disclosure.

https://security-tracker.debian.org/tracker/DSA-5683-1

Mehr

DSA-5682-1 glib2.0 - security update

2024-05-07

Alicia Boya Garcia reported that the GDBus signal subscriptions in the

GLib library are prone to a spoofing vulnerability. A local attacker can

take advantage of this flaw to cause a GDBus-based client to behave

incorrectly, with an application-dependent impact.

gnome-shell is updated along with this update to avoid a screencast

regression after fixing CVE-2024-34397.

https://security-tracker.debian.org/tracker/DSA-5682-1

Mehr

DSA-5681-1 linux - security update

2024-05-06

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

https://security-tracker.debian.org/tracker/DSA-5681-1

Mehr

DSA-5680-1 linux - security update

2024-05-06

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

https://security-tracker.debian.org/tracker/DSA-5680-1

Mehr

DSA-5679-1 less - security update

2024-05-03

Several vulnerabilities were discovered in less, a file pager, which may

result in the execution of arbitrary commands if a file with a specially

crafted file name is processed.

https://security-tracker.debian.org/tracker/DSA-5679-1

Mehr

DSA-5678-1 glibc - security update

2024-05-03

Several vulnerabilities were discovered in nscd, the Name Service Cache

Daemon in the GNU C library which may lead to denial of service or the

execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5678-1

Mehr

DSA-5677-1 ruby3.1 - security update

2024-05-03

Several vulnerabilities have been discovered in the interpreter for

the Ruby language, which may result in information disclosure, denial

of service or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5677-1

Mehr

DSA-5676-1 chromium - security update

2024-05-02

Security issues were discovered in Chromium, which could result

in the execution of arbitrary code, denial of service or information

disclosure.

https://security-tracker.debian.org/tracker/DSA-5676-1

Mehr

DSA-5675-1 chromium - security update

2024-04-26

Security issues were discovered in Chromium, which could result

in the execution of arbitrary code, denial of service or information

disclosure.

https://security-tracker.debian.org/tracker/DSA-5675-1

Mehr

DSA-5674-1 pdns-recursor - security update

2024-04-25

It was discovered that PDNS Recursor, a resolving name server, was

susceptible to denial of service if recursive forwarding is configured.

https://security-tracker.debian.org/tracker/DSA-5674-1

Mehr

DSA-5673-1 glibc - security update

2024-04-23

Charles Fol discovered that the iconv() function in the GNU C library is

prone to a buffer overflow vulnerability when converting strings to the

ISO-2022-CN-EXT character set, which may lead to denial of service

(application crash) or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5673-1

Mehr

DSA-5672-1 openjdk-17 - security update

2024-04-22

Several vulnerabilities have been discovered in the OpenJDK Java runtime,

which may result in denial of service or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5672-1

Mehr

DSA-5671-1 openjdk-11 - security update

2024-04-22

Several vulnerabilities have been discovered in the OpenJDK Java runtime,

which may result in denial of service or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5671-1

Mehr

DSA-5670-1 thunderbird - security update

2024-04-22

Multiple security issues were discovered in Thunderbird, which could

result in denial of service or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5670-1

Mehr

DSA-5669-1 guix - security update

2024-04-22

It was discovered that insufficient restriction of unix daemon sockets

in the GNU Guix functional package manager could result in sandbox

bypass.

https://security-tracker.debian.org/tracker/DSA-5669-1

Mehr

DSA-5668-1 chromium - security update

2024-04-20

Security issues were discovered in Chromium, which could result

in the execution of arbitrary code, denial of service or information

disclosure.

https://security-tracker.debian.org/tracker/DSA-5668-1

Mehr

DSA-5667-1 tomcat9 - security update

2024-04-19

Several security vulnerabilities have been discovered in the Tomcat

servlet and JSP engine.

CVE-2023-46589

Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header

that exceeded the header size limit could cause Tomcat to treat a single

request as multiple requests leading to the possibility of request

smuggling when behind a reverse proxy.

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for

HTTP/2. When processing an HTTP/2 request, if the request exceeded any of

the configured limits for headers, the associated HTTP/2 stream was not

reset until after all of the headers had been processed.

CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability. It was possible

for WebSocket clients to keep WebSocket connections open leading to

increased resource consumption.

https://security-tracker.debian.org/tracker/DSA-5667-1

Mehr

DSA-5666-1 flatpak - security update

2024-04-19

Gergo Koteles discovered that sandbox restrictions in Flatpak, an

application deployment framework for desktop apps, could by bypassed in

combination with xdg-desktop-portal.

https://security-tracker.debian.org/tracker/DSA-5666-1

Mehr

DSA-5665-1 tomcat10 - security update

2024-04-17

Several security vulnerabilities have been discovered in the Tomcat

servlet and JSP engine.

CVE-2023-46589

Tomcat 10 did not correctly parse HTTP trailer headers. A trailer header

that exceeded the header size limit could cause Tomcat to treat a single

request as multiple requests leading to the possibility of request

smuggling when behind a reverse proxy.

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for

HTTP/2. When processing an HTTP/2 request, if the request exceeded any of

the configured limits for headers, the associated HTTP/2 stream was not

reset until after all of the headers had been processed.

CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability. It was possible

for WebSocket clients to keep WebSocket connections open leading to

increased resource consumption.

https://security-tracker.debian.org/tracker/DSA-5665-1

Mehr

DSA-5664-1 jetty9 - security update

2024-04-17

Jetty 9 is a Java based web server and servlet engine. It was discovered that

remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not

closed), TCP congested and idle. Eventually the server will stop accepting new

connections from valid clients which can cause a denial of service.

https://security-tracker.debian.org/tracker/DSA-5664-1

Mehr

DSA-5663-1 firefox-esr - security update

2024-04-17

Multiple security issues have been found in the Mozilla Firefox web

browser, which could potentially result in the execution of arbitrary

code or clickjacking.

https://security-tracker.debian.org/tracker/DSA-5663-1

Mehr

DSA-5655-2 cockpit - regression update

2024-04-16

The update of cockpit released in DSA 5655-1 did not correctly built

binary packages due to unit test failures when building against libssh

0.10.6. This update corrects that problem.

https://security-tracker.debian.org/tracker/DSA-5655-2

Mehr

DSA-5662-1 apache2 - security update

2024-04-16

Multiple vulnerabilities have been discovered in the Apache HTTP server,

which may result in HTTP response splitting or denial of service.

https://security-tracker.debian.org/tracker/DSA-5662-1

Mehr

DSA-5661-1 php8.2 - security update

2024-04-15

Multiple security issues were found in PHP, a widely-used open source

general purpose scripting language which could result in secure cookie

bypass, XXE attacks or incorrect validation of password hashes.

https://security-tracker.debian.org/tracker/DSA-5661-1

Mehr

DSA-5660-1 php7.4 - security update

2024-04-15

Multiple security issues were found in PHP, a widely-used open source

general purpose scripting language which could result in secure cookie

bypass, XXE attacks or incorrect validation of password hashes.

https://security-tracker.debian.org/tracker/DSA-5660-1

Mehr

DSA-5659-1 trafficserver - security update

2024-04-14

Bartek Nowotarski discovered that Apache Traffic Server, a reverse and

forward proxy server, was susceptible to denial of service via HTTP2

continuation frames.

https://security-tracker.debian.org/tracker/DSA-5659-1

Mehr

════════════════════════

Skriptlauf: 2024-05-10T16:32:02

🏡