Bruno

NEW UPDATES Debian


sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4761-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 07, 2020                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : zeromq3
CVE ID         : CVE-2020-15166

It was discovered that ZeroMQ, a lightweight messaging kernel library,
does not properly handle connecting peers before a handshake is
completed. A remote, unauthenticated client connecting to an application
using the libzmq library, running with a socket listening with CURVE
encryption/authentication enabled can take advantage of this flaw to
cause a denial of service affecting authenticated and encrypted clients.

For the stable distribution (buster), this problem has been fixed in
version 4.3.1-4+deb10u2.

 

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4762-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 07, 2020                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lemonldap-ng
CVE ID         : CVE-2020-24660

It was discovered that the default configuration files for running the
Lemonldap::NG Web SSO system on the Nginx web server were susceptible
to authorisation bypass of URL access rules. The Debian packages do not
use Nginx by default.

For the stable distribution (buster), this problem has been fixed in
version 2.0.2+ds-7+deb10u5. This update provides fixed example
configuration which needs to be integrated into Lemonldap::NG
deployments based on Nginx.

sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4763-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 14, 2020                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : teeworlds
CVE ID         : CVE-2020-12066

It was discovered that insufficient sanitising of received network
packets in the game server of Teeworlds, an online multi-player platform
2D shooter, could result in denial of service.

For the stable distribution (buster), this problem has been fixed in
version 0.7.2-5+deb10u1.

sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4764-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 18, 2020                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : inspircd
CVE ID         : CVE-2019-20917 CVE-2020-25269
Debian Bug     : 960650

Two security issues were discovered in the pgsql and mysql modules of
the InspIRCd IRC daemon, which could result in denial of service.

For the stable distribution (buster), these problems have been fixed in
version 2.0.27-1+deb10u1.

 

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4765-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 18, 2020                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : modsecurity
CVE ID         : CVE-2020-15598

Ervin Hegedues discovered that ModSecurity v3 enabled global regular
expression matching which could result in denial of service. For
additional information please refer to
https://coreruleset.org/20200914/cve-2020-15598/

For the stable distribution (buster), this problem has been fixed in
version 3.0.3-1+deb10u2.
