Advisory: Debian LTS Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Composer, an application-level dependency manager for the PHP programming language, was vulnerable. CVE-2023-43655:
Vulnerabilities have been found in Node.js, which could lead to denial of service or information disclosure. CVE-2023-30590
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.
A stack-based buffer overflow has been fixed in gross, a server for greylisting emails. For Debian 10 buster, this problem has been fixed in version
It was discovered that there was a command-line injection issue in the FreeIPA identity, authentication and audit framework. A specially crafted HTTP request could have led to a Denial of Service (DoS) attack and/or data exposure.
Two vulnerabilities have been fixed in the Python 3 interpreter. CVE-2023-6597
The zipfile module was vulnerable to “quoted-overlap” zip-bombs in the Python 2 interpreter. For Debian 10 buster, this problem has been fixed in version
An issue has been found in libnet-cidr-lite-perl, a module for merging IPv4 or IPv6 CIDR address ranges.
Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or leaks of encrypted email subjects.
Multiple vulnerabilities were discovered in the Python Imaging Library (PIL), an image processing library for Python. CVE-2021-23437
A memory leak was found in imagemagick, a popular software suite for displaying, creating, converting, modifying, and editing raster images. For Debian 10 buster, this problem has been fixed in version
A couple of vulnerabilities were found in zfs-linux. CVE-2013-20001
Multiple vulnerabilities were found in Cacti, a network monitoring system. An attacker could manipulate the database, execute code remotely, launch DoS (denial-of-service) attacks or impersonate Cacti users, in some situations.
In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges into running SQL commands.
curl was affected by a path traversal vulnerability. The SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate
Two vulnerabilities have been fixed in unADF, a tool to extract files from an Amiga Disk File dump. CVE-2016-1243
Hatim Chabik discovered a cross-site scripting (XSS) vulnerability in spip, a content management system, which can lead to privilege escalation or information disclosure.
Prototype pollution has been fixed in node-xml2js, an XML to JavaScript object converter. For Debian 10 buster, this problem has been fixed in version
Multiple vulnerabilities have been fixed in the machine emulator and virtualizer QEMU. CVE-2023-2861
Two vulnerabilities were discovered in tiff, the Tag Image File Format library. CVE-2023-3576