Recent Activity

  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : libvpx
    CVE ID : CVE-2019-9232 CVE-2019-9325 CVE-2019-9433 CVE-2019-9371

    Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : haproxy
    CVE ID : CVE-2019-19330

    Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : php-imagick
    CVE ID : CVE-2019-11037
    Debian Bug : 928420

    An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : chromium
    CVE ID : CVE-2019-13723 CVE-2019-13724

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2019-13723

    Yuxiang Li discovered a use-after-free issue in the bluetooth service.

    CVE-2019-13724

    Yuxiang Li…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : enigmail

    DSA 4571-1 updated Thunderbird to the 68.x series, which is incompatible with the Enigmail release shipped in Debian Buster.

    For the stable distribution (buster), this problem has been fixed in version 2:2.1.3+ds1-4~deb10u2.

    We…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : symfony
    CVE ID : CVE-2019-18887 CVE-2019-18888 CVE-2019-18889

    Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : slurm-llnl
    CVE ID : CVE-2019-12838

    It was discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system did not escape strings when importing an archive file…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : thunderbird
    CVE ID : CVE-2019-15903 CVE-2019-11764 CVE-2019-11763
    CVE-2019-11762 CVE-2019-11761 CVE-2019-11760
    CVE-2019-11759 CVE-2019-11757 CVE-2019-11755

    Multiple security issues have been found in Thunderbird which could…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : mosquitto
    CVE ID : CVE-2019-11779
    Debian Bug : 940654

    A vulnerability was discovered in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : ghostscript
    CVE ID : CVE-2019-14869

    Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : postgresql-common
    CVE ID : CVE-2019-3466

    Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

    For…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : webkit2gtk
    CVE ID : CVE-2019-8812 CVE-2019-8814

    These vulnerabilities have been discovered in the webkit2gtk web engine:

    CVE-2019-8812

    An anonymous researcher discovered that maliciously crafted web
    content may lead to…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : dpdk
    CVE ID : CVE-2019-14818

    It was discovered that the vhost PMD in DPDK, a set of libraries for fast packet processing, was affected by memory and file descriptor leaks which could result in denial of service.

    For the…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : qemu
    Debian Bug : 944623

    This update for QEMU, a fast processor emulator, backports support to passthrough the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, allowing to disable iTLB…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : intel-microcode
    CVE ID : CVE-2019-11135 CVE-2019-11139

    This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : linux
    CVE ID : CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135

    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : chromium
    CVE ID : CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
    CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877
    CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659
    CVE-2019-13660 CVE-2019-13661…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : fribidi
    CVE ID : CVE-2019-18397
    Debian Bug : 944327

    Alex Murray discovered a stack-based buffer overflow vulnerability in fribidi, an implementation of the Unicode Bidirectional Algorithm algorithm, which could result in…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : simplesamlphp
    CVE ID : CVE-2019-3465
    Debian Bug : 944107

    It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages.

    For…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : proftpd-dfsg
    CVE ID : CVE-2019-18217
    Debian Bug : 942831

    Stephan Zeisberg discovered that missing input validation in ProFTPD, a FTP/SFTP/FTPS server, could result in denial of service via an infinite loop.

    For the…