Zuletzt aktualisiert: 2024-08-18T19:31:44Z
2024-08-18
Support for the "strict kex" SSH extension has been backported to
AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening
against the Terrapin attack.
https://security-tracker.debian.org/tracker/DSA-5750-1
2024-08-14
Chris Williams discovered a flaw in the handling of mounts for
persistent directories in Flatpak, an application deployment framework
for desktop apps. A malicious or compromised Flatpak app using
persistent directories could take advantage of this flaw to access files
outside of the sandbox.
Details can be found in the upstream advisory at
https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87
https://security-tracker.debian.org/tracker/DSA-5749-1
2024-08-14
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
https://security-tracker.debian.org/tracker/DSA-5748-1
2024-08-13
Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.
https://security-tracker.debian.org/tracker/DSA-5743-2
2024-08-12
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
https://security-tracker.debian.org/tracker/DSA-5747-1
2024-08-09
Noah Misch discovered a race condition in the pg_dump tool included in
PostgreSQL, which may result in privilege escalation.
https://security-tracker.debian.org/tracker/DSA-5746-1
2024-08-09
Noah Misch discovered a race condition in the pg_dump tool included in
PostgreSQL, which may result in privilege escalation.
https://security-tracker.debian.org/tracker/DSA-5745-1
2024-08-08
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5744-1
2024-08-08
Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.
https://security-tracker.debian.org/tracker/DSA-5743-1
2024-08-08
A vulnerability was discovered in odoo, a suite of web based open
source business apps. It could result in the execution of arbitrary
code.
https://security-tracker.debian.org/tracker/DSA-5742-1
2024-08-08
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5741-1
2024-08-07
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, the bypass of sandbox restrictions or an information leak.
https://security-tracker.debian.org/tracker/DSA-5740-1
2024-08-06
Rory McNamara reported a local privilege escalation in wpasupplicant: A
user able to escalate to the netdev group can load arbitrary shared
object files in the context of the wpa_supplicant process running as
root.
https://security-tracker.debian.org/tracker/DSA-5739-1
2024-08-06
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, information disclosure or bypass
of Java sandbox restrictions.
https://security-tracker.debian.org/tracker/DSA-5738-1
2024-08-05
If LibreOffice failed to validate a signed macro, it displayed a warning
but still allowed execution of the script after printing a warning.
Going forward in high macro security mode such macros are now disabled.
For additional information please refer to
https://www.libreoffice.org/about-us/security/advisories/cve-2024-6472/
https://security-tracker.debian.org/tracker/DSA-5737-1
2024-08-05
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, information disclosure or bypass
of Java sandbox restrictions.
https://security-tracker.debian.org/tracker/DSA-5736-1
2024-07-31
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5735-1
2024-07-27
The security update announced as DSA 5734-1 caused a regression on
configurations using the Samba DLZ module. Updated packages are now
available to correct this issue.
https://security-tracker.debian.org/tracker/DSA-5734-2
2024-07-25
Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in denial of service.
To mitigate CVE-2024-1737 two new configuration statements have been
added to allow operators of secondary servers and recursive resolvers to
set an upper bound on the growth of data in their zones or caches.
Details can be found at:
https://kb.isc.org/docs/rrset-limits-in-zones
https://security-tracker.debian.org/tracker/DSA-5734-1
2024-07-18
Multiple security issues were discovered in Thunderbird, which could
potentially result in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5733-1
2024-07-18
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5732-1
2024-07-16
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
https://security-tracker.debian.org/tracker/DSA-5731-1
2024-07-15
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
https://security-tracker.debian.org/tracker/DSA-5730-1
2024-07-11
Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in authentication bypass, execution of scripts in
directories not directly reachable by any URL, server-side request
forgery or denial of service.
https://security-tracker.debian.org/tracker/DSA-5729-1
2024-07-10
Phillip Szelat discovered that Exim, a mail transport agent, does not
properly parse a multiline RFC 2231 header filename, allowing a remote
attacker to bypass a $mime_filename based extension-blocking protection
mechanism.
https://security-tracker.debian.org/tracker/DSA-5728-1
2024-07-10
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or privilege escalation.
https://security-tracker.debian.org/tracker/DSA-5727-1
2024-07-05
Two vulnerabilities were discovered in the GSS message token handling in
krb5, the MIT implementation of Kerberos. An attacker can take advantage
of these flaws to bypass integrity protections or cause a denial of
service.
https://security-tracker.debian.org/tracker/DSA-5726-1
2024-07-03
Johannes Kuhn discovered that messages and channel names are not
properly escaped in the modtcl module in ZNC, a IRC bouncer, which could
result in remote code execution via specially crafted messages.
https://security-tracker.debian.org/tracker/DSA-5725-1
2024-07-01
The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an
implementation of the SSH protocol suite, is prone to a signal handler
race condition. If a client does not authenticate within LoginGraceTime
seconds (120 by default), then sshd's SIGALRM handler is called
asynchronously and calls various functions that are not
async-signal-safe. A remote unauthenticated attacker can take advantage
of this flaw to execute arbitrary code with root privileges. This flaw
affects sshd in its default configuration.
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://security-tracker.debian.org/tracker/DSA-5724-1
2024-06-27
Fabian Vogt discovered that the KDE session management server
insufficiently restricted ICE connections from localhost, which could
allow a local attacker to execute arbitrary code as another user on
next boot.
https://security-tracker.debian.org/tracker/DSA-5723-1
════════════════════════
Skriptlauf: 2024-08-18T23:02:01