Debian Linux Security Advisory 4843-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
b63fae8d21eadd6fb015db055e5e8e2055c3653fa769dcd8d9d46a56af24ab72
Debian Linux Security Advisory 4844-1 - Moshe Kol and Shlomi Oberman of JSOF discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server. They could result in denial of service, cache poisoning or the execution of arbitrary code.
e8796fb0d51a874f14fa08f40ef54df04e7a41a8ec5691ce2db533b0966e1ebf
Debian Linux Security Advisory 4845-1 - Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash, infinite loops) via specially crafted packets.
93d9bd640781dd21a67eca3c27b1a0e8b18464cca9960cea70eccb7f6a636db7
Debian Linux Security Advisory 4846-1 - Several vulnerabilities have been discovered in the chromium web browser.
5c0a1a187b9f8a05156e97de44f20d15cc23e6a90f1c97e6bec018b05c985138
Debian Linux Security Advisory 4847-1 - A remote information leak vulnerability and a remote buffer overflow vulnerability were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of arbitrary code.
e6c4b376d3fc8f7e2f9e8a51b0edb8192c78ab02ff4cd8ee359c53f6c671d352
Debian Linux Security Advisory 4848-1 - Multiple security issues were discovered in the implementation of the Go programming language, which could result in denial of service. In addition, the P-224 curve implementation could generate incorrect outputs.
beb05da7d25160a00b718beaaba0fb9e0dd6e57c21ea264f3447768133371b78
Debian Linux Security Advisory 4849-1 - Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, a sandbox program to restrict the running environment of untrusted applications, which could result in root privilege escalation. This update disables OverlayFS support in firejail.
5cebbbf9494bd78be8d3a2cb5e6e70f124bb0474d52286e83dcaa8b6aa666789
Debian Linux Security Advisory 4850-1 - It was discovered that zstd, a compression utility, temporarily exposed a world-readable version of its input even if the original file had restrictive permissions.
971cfa1b26f29f8d1a0b32ade924cd6212a8cb8aea8fba8944c763bcac2dc3c4
Debian Linux Security Advisory 4851-1 - Thomas Akesson discovered a remotely triggerable vulnerability in the mod_authz_svn module in Subversion, a version control system. When using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option, an unauthenticated remote client can take advantage of this flaw to cause a denial of service by sending a request for a non-existing repository URL.
81cb5fe96ccd2e9181d3b976b7ee7b20538707d3127deded8638b9a2236761c6
Debian Linux Security Advisory 4852-1 - Joakim Hindersson discovered that Open vSwitch, a software-based Ethernet virtual switch, allowed a malicious user to cause a denial-of-service by sending a specially crafted packet.
b81e9b7032ae9bce92891e5eb2a14ad8b78e5e60ca1e9332fc6c0b55fc38e1e1
Debian Linux Security Advisory 4853-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks, access sensitive information, or execute arbitrary code.
f00cc707979cfe7422a2cf35b483c3d033afae999b15397ec9b9363fc6a64e62
Debian Linux Security Advisory 4854-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
be381d581a9e46a25974b634d65ded4a24b1669637f63dc9d1bed0470b79c1fa
Debian Linux Security Advisory 4855-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x86_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw in X509_issuer_and_serial_hash() were found, which could result in denial of service.
97d32585c37fd8006093ec57a2913bfc6ae8b85626eb395c01aae4dc59e6947a
Debian Linux Security Advisory 4856-1 - Multiple security issues were found in PHP, a widely-used open source general-purpose scripting language, which could result in denial of service, information disclosure, cookie forgery or incorrect encryption.
be2a91fc87e7e29c4dd5af1cb4a667a713a1b5063f638d8c6ad302b66aa2a3ff
Debian Linux Security Advisory 4857-1 - A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service (daemon crash), or potentially the execution of arbitrary code.
0d5f699225d63d98310a1b39eec5904606fd5c723c4bc622c2e54f1635238966
Debian Linux Security Advisory 4858-1 - Several vulnerabilities have been discovered in the chromium web browser.
06e041eb0996b6bf6de349afabb9921c5d0e7f815b82714c950fc912a4954e80
Debian Linux Security Advisory 4859-1 - It was discovered that zstd, a compression utility, was vulnerable to temporarily exposing, during a brief timeframe, a world-readable version of its input even if the original file had restrictive permissions.
0f40c2be124fe4e129eb1875cd1e8aece49dfe999146fb100904aec18582840d
Debian Linux Security Advisory 4860-1 - A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd daemon crash) via specially crafted packets.
e6d572d1741ea0e53922e0ddb5e0817baa079772df52005a2a3f4434a186b812
Debian Linux Security Advisory 4861-1 - Felix Weinmann reported a flaw in the handling of combining characters in screen, a terminal multiplexer with VT100/ANSI terminal emulation, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence.
569d4df0108d39054a602652829a1fa05af2ce0f91699542d0f207bc9e1d1522
Debian Linux Security Advisory 4862-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
58e9f63ccd4b647aef2aec8484c3dda953d32a4ae7a76fe75ce16305e18aac17
Debian Linux Security Advisory 4863-1 - Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks.
56c3871a90994e8fc6eb8e6378eb9ce00442b53e24dda4d8a67326e482b2be17
Debian Linux Security Advisory 4864-1 - Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, an async HTTP client/server framework, is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web server could redirect the browser to a different website.
321114aef666b4091333abafeca13121fe248807de9356cb302fcd5cbe17a923
Debian Linux Security Advisory 4865-1 - Multiple security issues were discovered in Docker, a Linux container runtime, which could result in denial of service, an information leak or privilege escalation.
7dc2d80b850f6bd28a9e9f63dfe2208b8767f34538778cfff1dac3efbf2d1d04
Debian Linux Security Advisory 4866-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.
6799803f6b184aa6dd8507e9afb88c97a9fb03cbd4498085740a1123c157048a
Ubuntu Security Notice 4754-2 - USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
015592afe732b3ada83a567c482dde3ef51b5013b20d3697d12c66d5d49169f3