💾 Archived View for data.konfusator.de › feeds › dsa.gmi captured on 2024-12-17 at 09:37:28. Gemini links have been rewritten to link to archived content
Last updated: 2024-12-17T11:31:20Z
2024-12-16
Antonio Morales reported an integer overflow vulnerability in the memory
allocator in the Core GStreamer libraries, which may result in denial of
service or potentially the execution of arbitrary code if a malformed
media file is processed.
https://security-tracker.debian.org/tracker/DSA-5832-1
2024-12-14
Multiple vulnerabilities were discovered in plugins for the
GStreamer media framework and its codecs and demuxers, which may result
in denial of service or potentially the execution of arbitrary code if
a malformed media file is opened.
https://security-tracker.debian.org/tracker/DSA-5831-1
2024-12-12
A security vulnerability was discovered in Smarty, a template engine for
PHP, which could result in PHP code injection.
https://security-tracker.debian.org/tracker/DSA-5830-1
2024-12-12
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5829-1
2024-12-11
Multiple security vulnerabilities were discovered in python-aiohttp,
an HTTP client/server for asyncio, which could result in denial of
service, directory traversal, CRLF injection or request smuggling.
https://security-tracker.debian.org/tracker/DSA-5828-1
2024-12-10
Brian Ristuccia discovered that in ProFTPD, a powerful modular
FTP/SFTP/FTPS server, supplemental group inheritance grants unintended
access to GID 0 because of the lack of supplemental groups from mod_sql.
https://security-tracker.debian.org/tracker/DSA-5827-1
2024-12-10
Two security vulnerabilities were discovered in Smarty, a template
engine for PHP, which could result in PHP code injection or cross-site
scripting.
https://security-tracker.debian.org/tracker/DSA-5826-1
2024-12-06
Sage McTaggart discovered an authentication bypass in radosgw, the RADOS
REST gateway of Ceph, a distributed storage and file system.
https://security-tracker.debian.org/tracker/DSA-5825-1
2024-12-06
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5824-1
2024-12-02
The update for needrestart announced as DSA 5815-1 introduced a
regression reporting false positives for processes running in chroot or
mountns. Updated packages are now available to correct this issue.
https://security-tracker.debian.org/tracker/DSA-5815-2
2024-12-02
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-44308
Clement Lecigne and Benoit Sevens discovered that processing
maliciously crafted web content may lead to arbitrary code
execution. Apple is aware of a report that this issue may have
been actively exploited on Intel-based Mac systems.
CVE-2024-44309
Clement Lecigne and Benoit Sevens discovered that processing
maliciously crafted web content may lead to a cross site scripting
attack. Apple is aware of a report that this issue may have been
actively exploited on Intel-based Mac systems.
https://security-tracker.debian.org/tracker/DSA-5823-1
2024-12-02
It was discovered that SimpleSAMLphp, an implementation of the SAML
2.0 protocol, is prone to an XXE vulnerability when loading an
(untrusted) XML document.
https://security-tracker.debian.org/tracker/DSA-5822-1
2024-11-27
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5821-1
2024-11-27
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, spoofing or cross-site scripting.
https://security-tracker.debian.org/tracker/DSA-5820-1
2024-11-26
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in denial of
service, CRLF injection or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5819-1
2024-11-24
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
https://security-tracker.debian.org/tracker/DSA-5818-1
2024-11-23
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5817-1
2024-11-21
The postgresql minor release shipped in DSA 5812 introduced an ABI break,
which has been reverted so that extensions do not need to be rebuilt.
https://security-tracker.debian.org/tracker/DSA-5812-2
2024-11-19
The Qualys Threat Research Unit discovered that libmodule-scandeps-perl,
a Perl module to recursively scan Perl code for dependencies, allows an
attacker to execute arbitrary shell commands via specially crafted file
names.
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
https://security-tracker.debian.org/tracker/DSA-5816-1
2024-11-19
The Qualys Threat Research Unit discovered several local privilege
escalation vulnerabilities in needrestart, a utility to check which
daemons need to be restarted after library upgrades. A local attacker
can execute arbitrary code as root by tricking needrestart into running
the Python interpreter with an attacker-controlled PYTHONPATH
environment variable (CVE-2024-48990) or running the Ruby interpreter
with an attacker-controlled RUBYLIB environment variable
(CVE-2024-48992). Additionally a local attacker can trick needrestart
into running a fake Python interpreter (CVE-2024-48991) or cause
needrestart to call the Perl module Module::ScanDeps with
attacker-controlled files (CVE-2024-11003).
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
https://security-tracker.debian.org/tracker/DSA-5815-1
2024-11-15
A security issue was discovered in Thunderbird, which could result in
the disclosure of OpenPGP encrypted messages.
https://security-tracker.debian.org/tracker/DSA-5814-1
2024-11-15
Moritz Rauch discovered that the Symfony PHP framework implemented
persisted remember-me cookies incorrectly, which could result in
authentication bypass.
https://security-tracker.debian.org/tracker/DSA-5813-1
2024-11-15
Multiple security issues were discovered in PostgreSQL, which may result in
the execution of arbitrary code, privilege escalation or log manipulation.
https://security-tracker.debian.org/tracker/DSA-5812-1
2024-11-11
An out-of-bounds write vulnerability when handling crafted streams was
discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder
for layers 1, 2 and 3, which could result in the execution of arbitrary
code.
https://security-tracker.debian.org/tracker/DSA-5811-1
2024-11-11
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5810-1
2024-11-11
Multiple vulnerabilities have been found in the Symfony PHP framework
which could lead to privilege escalation, information disclosure,
incorrect validation or an open redirect.
https://security-tracker.debian.org/tracker/DSA-5809-1
2024-11-11
Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.
https://security-tracker.debian.org/tracker/DSA-5808-1
2024-11-10
Several vulnerabilities were discovered in NSS, a set of cryptographic
libraries, which may result in denial of service or potentially the
execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5807-1
2024-11-09
A heap-based out-of-bounds write vulnerability was discovered in
libarchive, a multi-format archive and compression library, which may
result in the execution of arbitrary code if a specially crafted RAR
archive is processed.
https://security-tracker.debian.org/tracker/DSA-5806-1
2024-11-08
It was discovered that the daemon of the GNU Guix functional package
manager was susceptible to privilege escalation. For additional
information please refer to
https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
https://security-tracker.debian.org/tracker/DSA-5805-1
════════════════════════
Script run: 2024-12-17T15:32:09