Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.
99cc458c7d37e5ed3bbb9cd1ecafd2849b5c2bd6325b06e8297be7edef82db88
Debian Linux Security Advisory 5588-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
7af4170ad4031fd3d2a9ee78c01336ac9376c0590df4e88dd4e5550f0258ed24
Debian Linux Security Advisory 5587-1 - Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in same cases HSTS data could fail to save to disk.
ee8b5da3ccedc4ad611c77989a7b82094859da7f9354c5d153f42704a855a11a
Debian Linux Security Advisory 5586-1 - Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite.
eb54a28b3d95ad19c4329f6295f24f93dcd4b5a934d6c9ce761901a356063b87
Debian Linux Security Advisory 5585-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code.
6bdc57ba62dca405ff912bfb253ff159c0424aaec22f42f0393fca58b622688a
Debian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.
c60c03d128a6806b3f8d0e7cf027c5d53155058c8e252594daf8af61d204802d
Debian Linux Security Advisory 5583-1 - A buffer overflow was discovered in the AV1 video plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
5dfda49306d8cfe3611973e08f1100d7a0e73e95687e4f98225625e819254d99
Debian Linux Security Advisory 5582-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.
b3f70726ef2fae015527060cb4b5e5d13980592e40aae2e78d1c509408fdb9b4
Debian Linux Security Advisory 5581-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or clickjacking.
8e9ebae0bccbe4842bf36efe2bc7e6db305fad064c670f91a6bc7f76d2742daa
Debian Linux Security Advisory 5580-1 - The Zoom Offensive Security Team discovered that processing a SVG image may lead to a denial-of-service.
c6891c045504fe548f17f5660e0f9ab7018990e4e84cbb0260fb3fbed6e142c6
Debian Linux Security Advisory 5579-1 - Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.
d3cff019742d9c0322612e8a359f402f4290070167509cc7d9ce8e4d328f85c0
Debian Linux Security Advisory 5576-2 - The initial fix for CVE-2023-6377 as applied in DSA 5576-1 did not fully fix the vulnerability. Updated packages correcting this issue including the upstream merged commit are now available.
6ac1fd4d8be53ce269e1946d49995f722c9654920861467d8417cd36346e4880
Debian Linux Security Advisory 5578-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle errors in the gdev_prn_open_printer_seekable() function, which could result in the execution of arbitrary commands if malformed document files are processed.
20aeaf38dff4509c5503e7d3ced1a1155f0e31b502d0583ba7cf15955095ed39
Debian Linux Security Advisory 5577-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
c5ff8727b2a35a81281356fbaac0341a385b77c155b5b3bcff91bf3678d631d9
Debian Linux Security Advisory 5576-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
02e7defbebaae0b355ce0347a45f3a3e36a998c50aabf68a9166432de62acb8b
Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.
fb2b3e50ddbe9455517494418af65058e060ac8c36d2bcce67a49bffceb3b808
Debian Linux Security Advisory 5574-1 - Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or Gstreamer plugins when opening a malformed file.
213eb449b719ea3918fe5b9547405966d36fc8f530f2d761e55375d63d105631
Debian Linux Security Advisory 5573-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
6fae7b2aaaff25471cd4aad15ab381b34cbc82ff82460c7b982e9cea7bdbab4b
Debian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.
7488c1f8cb39c45a8e6fb8d221877649d21afc6a14f9c3eceb2b735b03ccc617
Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.
7957822e1b93b14f04419323dbc94e28eb76fa05e363e9d72f263770555fc295
Debian Linux Security Advisory 5570-1 - It was discovered that libnghttp2, a library implementing the HTTP/2 protocol, handled request cancellation incorrectly. This could result in denial of service.
a361a8b094e0e37ca2ea5d4f587944cad91928be895d0bc0f7d06332bb7e2d37
Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d5d2209b119ae9264996f7c9c9bb3d93c4f147ce270625707943898e702df953
Debian Linux Security Advisory 5568-1 - It was discovered that incorrect memory management in Fast DDS, a C++ implementation of the DDS (Data Distribution Service) might result in denial of service.
f98b1127ce5c74663b458fb7d53e20ef0a1319434f99078abbab9c106d3d5590
Debian Linux Security Advisory 5567-1 - Multiple buffer overflows and memory leak issues have been found in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
488383dfe99aada3210eb06ee816794f7320a1dcece9cbb4baefa6be343ce04b
Debian Linux Security Advisory 5566-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
dc1354b24c85d0736abec5ec30d71ed0e434f0143fd6ad92b25792e7a5fe5154