💾 Archived View for data.konfusator.de › feeds › dsa.gmi captured on 2024-09-28 at 23:53:40. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-08-31)
-=-=-=-=-=-=-
Zuletzt aktualisiert: 2024-09-28T23:31:57Z
2024-09-27
It was discovered that the Booth cluster ticket manager failed to
correctly validate some authentication hashes.
https://security-tracker.debian.org/tracker/DSA-5777-1
2024-09-27
Albert Cervera discovered two missing authorisation checks in the Tryton
application platform.
https://security-tracker.debian.org/tracker/DSA-5776-1
2024-09-26
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5775-1
2024-09-20
It was discovered that ruby-saml, a SAML library implementing the client
side of a SAML authorization, does not properly verify the signature of
the SAML Response, which could result in bypass of authentication in an
application using the ruby-saml library.
https://security-tracker.debian.org/tracker/DSA-5774-1
2024-09-19
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5773-1
2024-09-17
Yufan You discovered that Libreoffice's handling of documents based on
ZIP archives was suspectible to spoofing attacks when the repair mode
attempts to address a malformed archive structure.
For additional information please refer to
https://www.libreoffice.org/about-us/security/advisories/cve-2024-7788/
https://security-tracker.debian.org/tracker/DSA-5772-1
2024-09-17
Fabien Potencier discovered that under some conditions the sandbox
mechanism of Twig, a template engine for PHP, could by bypassed.
https://security-tracker.debian.org/tracker/DSA-5771-1
2024-09-17
Shang-Hung Wan discovered multiple vulnerabilities in the Expat
XML parsing C library, which could result in denial of service or
potentially the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5770-1
2024-09-13
Multiple issues were found in Git, a fast, scalable, distributed
revision control system, which may result in file overwrites outside the
repository, arbitrary configuration injection or arbitrary code
execution.
https://security-tracker.debian.org/tracker/DSA-5769-1
2024-09-11
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5768-1
2024-09-08
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5767-1
2024-09-05
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5766-1
2024-09-04
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.
https://security-tracker.debian.org/tracker/DSA-5765-1
2024-09-03
David Benjamin reported a flaw in the X.509 name checks in OpenSSL, a
Secure Sockets Layer toolkit, which may cause an application performing
certificate name checks to crash, resulting in denial of service.
Additional details can be found in the upstream advisory:
https://openssl-library.org/news/secadv/20240903.txt
https://security-tracker.debian.org/tracker/DSA-5764-1
2024-08-30
William Khem-Marquez discovered that Pymatgen, a Python library for
materials analysis, could be tricked into running arbitrary code if a
malformed CIF file is processed.
https://security-tracker.debian.org/tracker/DSA-5763-1
2024-08-30
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-4558
An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2024-40776
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40779
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40780
Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40782
Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.
CVE-2024-40785
Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.
CVE-2024-40789
Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40794
Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.
https://security-tracker.debian.org/tracker/DSA-5762-1
2024-08-29
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5761-1
2024-08-29
Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.
https://security-tracker.debian.org/tracker/DSA-5760-1
2024-08-27
Multiple security issues were discovered in Python, a high-level,
interactive, object-oriented language:
CVE-2024-0397
A race condition in the ssl module was found when accessing
CA certificates.
CVE-2024-4032
The ipaddress module contained incorrect information whether
some ipv4 and ipv6 address ranges are designated as globally
reachable or private.
CVE-2024-8088
Incorrect handling of path names in the zipfile module could
result in an infinite loop when processing a zip archive
(resulting in denial of service)
https://security-tracker.debian.org/tracker/DSA-5759-1
2024-08-26
Several vulnerabilities were discovered in Apache Traffic Server,
a reverse and forward proxy server, which could result in denial
of service or request smuggling.
https://security-tracker.debian.org/tracker/DSA-5758-1
2024-08-23
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5757-1
2024-08-21
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
https://security-tracker.debian.org/tracker/DSA-5756-1
2024-08-21
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
https://security-tracker.debian.org/tracker/DSA-5755-1
2024-08-21
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
https://security-tracker.debian.org/tracker/DSA-5754-1
2024-08-21
An integer overflow was discovered in aom, the AV1 Video Codec Library,
which could potentially result in the execution of arbitrary code if a
malformed media file is processed.
https://security-tracker.debian.org/tracker/DSA-5753-1
2024-08-21
Two vulnerabilities have been discovered in the IMAP implementation of
the Dovecot mail server: Excessive numbers of address headers or very
large headers can result in high CPU usage, leading to denial of
service.
https://security-tracker.debian.org/tracker/DSA-5752-1
2024-08-19
Joshua Rogers that incorrect parsing of ESI variables in the Squid proxy
caching server could result in memory corruption.
https://security-tracker.debian.org/tracker/DSA-5751-1
2024-08-18
Support for the "strict kex" SSH extension has been backported to
AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening
against the Terrapin attack.
https://security-tracker.debian.org/tracker/DSA-5750-1
2024-08-14
Chris Williams discovered a flaw in the handling of mounts for
persistent directories in Flatpak, an application deployment framework
for desktop apps. A malicious or compromised Flatpak app using
persistent directories could take advantage of this flaw to access files
outside of the sandbox.
Details can be found in the upstream advisory at
https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87
https://security-tracker.debian.org/tracker/DSA-5749-1
2024-08-14
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
https://security-tracker.debian.org/tracker/DSA-5748-1
════════════════════════
Skriptlauf: 2024-09-29T05:32:02