website Debian Security
Debian Security Advisories

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.


Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids:


Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.


It was discovered that the Soup HTTP library performed insufficient validation of cookie requests which could result in an out-of-bounds memory read.


Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language:


Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.


Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata, which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.


Several vulnerabilities have been discovered in the chromium web browser.


Multiple vulnerabilities have been discovered in the Xen hypervisor:


Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.


Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via an XMLRPC call.


It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform fewer Miller-Rabin primality tests than expected.


This update provides mitigations for the lazy FPU vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU. For additional information please refer to https://xenbits.xen.org/xsa/advisory-267.html


It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.


Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.


Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.


Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.