Advisory: Debian LTS Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Several vulnerabilities have been found in frr, the FRRouting suite of internet protocols. An attacker could craft packets to trigger buffer overflows with the possibility of remote code execution, buffer overreads, or crashes, or to trick the software into entering an infinite loop.
Security vulnerabilities were found in mediawiki, a website engine for collaborative work, that could lead to information disclosure, privilege escalation, or denial of service.
Several security vulnerabilities have been discovered in knot-resolver, a caching, DNSSEC-validating DNS resolver which may allow remote attackers to bypass DNSSEC validation or cause a denial-of-service.
PuTTY, a Telnet/SSH client for X, was vulnerable. CVE-2019-17069
Several vulnerabilities were discovered in Samba, an SMB/CIFS file, print, and login server for Unix. CVE-2020-14318
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. For Debian 10 buster, these problems have been fixed in version
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.
This update includes the changes in tzdata 2024a for the Perl bindings. For the list of changes, see DLA-3789-1. For Debian 10 buster, this problem has been fixed in version
This update includes the changes in tzdata 2024a. Notable changes are: - Kazakhstan unifies on UTC+5 beginning 2024-03-01.
Multiple vulnerabilities have been fixed in the Xorg X server. CVE-2024-31080
A buffer overflow in _imagingcms.c was fixed in Pillow, an image processing library for Python. For Debian 10 buster, this problem has been fixed in version
Multiple security issues have been fixed in the waveform viewer GTKWave by upgrading to a more recent upstream version. For Debian 10 buster, these problems have been fixed in version
Expat, an XML parsing C library, has been found to have a vulnerability that allows an attacker to perform a denial of service (resource consumption) when many full reparsings are required in the case of large tokens.
CVE-2024-28085 Skyler Ferrante discovered that the wall(1) utility found in util-linux, a collection of system utilities for Linux, does not
Two issues have been found in libcaca, a colour ASCII art library. Both are related to heap buffer overflow, which might lead to memory corruption.
Several issues have been found in libgd2, a GD Graphics Library. They are related to out-of-bounds reads or NULL pointer dereference, allowing denial of service attacks.
Jetty 9 is a Java-based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients, which can cause a denial of service.
Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2024-24549
Multiple vulnerabilities were found in libvirt, a C toolkit to interact with the virtualization capabilities of Linux, which could lead to denial of service or information disclosure.