
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4916-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 17, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : prosody
CVE ID         : CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 
                 CVE-2021-32921

Multiple security issues were found in Prosody, a lightweight Jabber/XMPP
server, which could result in denial of service or information disclosure.

For the stable distribution (buster), these problems have been fixed in
version 0.11.2-1+deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4917-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
May 17, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509
                 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513
                 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517
                 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2021-30506

    @retsew0x01 discovered an error in the Web App installation interface.

CVE-2021-30507

    Alison Huffman discovered an error in the Offline mode.

CVE-2021-30508

    Leecraso and Guang Gong discovered a buffer overflow issue in the Media
    Feeds implementation.

CVE-2021-30509

    David Erceg discovered an out-of-bounds write issue in the Tab Strip
    implementation.

CVE-2021-30510

    Weipeng Jiang discovered a race condition in the aura window manager.

CVE-2021-30511

    David Erceg discovered an out-of-bounds read issue in the Tab Strip
    implementation.

CVE-2021-30512

    ZhanJia Song discovered a use-after-free issue in the notifications
    implementation.

CVE-2021-30513

    Man Yue Mo discovered an incorrect type in the v8 javascript library.

CVE-2021-30514

    koocola and Wang discovered a use-after-free issue in the Autofill
    feature.

CVE-2021-30515

    Rong Jian and Guang Gong discovered a use-after-free issue in the file
    system access API.

CVE-2021-30516

    ZhanJia Song discovered a buffer overflow issue in the browsing history.

CVE-2021-30517

    Jun Kokatsu discovered a buffer overflow issue in the reader mode.

CVE-2021-30518

    laural discovered use of an incorrect type in the v8 javascript library.

CVE-2021-30519

    asnine discovered a use-after-free issue in the Payments feature.

CVE-2021-30520

    Khalil Zhani discovered a use-after-free issue in the Tab Strip
    implementation.

For the stable distribution (buster), these problems have been fixed in
version 90.0.4430.212-1~deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4918-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 18, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-rack-cors
CVE ID         : CVE-2019-18978
Debian Bug     : 944849

Improper pathname handling in ruby-rack-cors, a middleware that makes
Rack-based apps CORS compatible, may result in access to private
resources.

For the stable distribution (buster), this problem has been fixed in
version 1.0.2-1+deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4919-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 21, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lz4
CVE ID         : CVE-2021-3520
Debian Bug     : 987856

Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a
fast LZ compression algorithm library, resulting in memory corruption.

For the stable distribution (buster), this problem has been fixed in
version 1.8.3-1+deb10u1.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-4916-2                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 21, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : prosody
Debian Bug     : 988756

The update for prosody released as DSA 4916-1 introduced a regression
in websocket support. Updated prosody packages are now available to
correct this issue.

For the stable distribution (buster), these problems have been fixed in
version 0.11.2-1+deb10u2.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4920-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 24, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libx11
CVE ID         : CVE-2021-31535
Debian Bug     : 988737

Roman Fiedler reported that missing length validation in various
functions provided by libx11, the X11 client-side library, allows
injecting X11 protocol commands on X clients, leading to
authentication bypass, denial of service or potentially the
execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in
version 2:1.6.7-1+deb10u2.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4921-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 28, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nginx
CVE ID         : CVE-2021-23017
Debian Bug     : 989095

Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one
in Nginx, a high-performance web and reverse proxy server, which could
result in denial of service and potentially the execution of arbitrary
code.

For the stable distribution (buster), this problem has been fixed in
version 1.14.2-2+deb10u4.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4922-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 29, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : hyperkitty
CVE ID         : CVE-2021-33038

Amir Sarabadani and Kunal Mehta discovered that the import functionality
of Hyperkitty, the web user interface to access Mailman 3 archives, did
not restrict the visibility of private archives during the import, i.e.
that during the import of a private Mailman 2 archive the archive was
publicly accessible until the import completed.

For the stable distribution (buster), this problem has been fixed in
version 1.2.2-1+deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4923-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
May 30, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2021-1788 CVE-2021-1844 CVE-2021-1871

The following vulnerabilities have been discovered in the webkit2gtk
web engine:

CVE-2021-1788

    Francisco Alonso discovered that processing maliciously crafted
    web content may lead to arbitrary code execution.

CVE-2021-1844

    Clement Lecigne and Alison Huffman discovered that processing
    maliciously crafted web content may lead to arbitrary code
    execution.

CVE-2021-1871

    An anonymous researcher discovered that a remote attacker may be
    able to cause arbitrary code execution.

For the stable distribution (buster), these problems have been fixed in
version 2.32.1-1~deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4899-2                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 31, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-11-jre-dcevm
Debian Bug     : 942876

The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM
for OpenJDK 11 with enhanced class redefinition, has been updated for
compatibility with OpenJDK 11.0.11.

For the stable distribution (buster), this problem has been fixed in
version openjdk-11-jre-dcevm_11.0.11+9-2~deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4924-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 01, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squid
CVE ID         : CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 
                 CVE-2021-31807 CVE-2021-31808
Debian Bug     : 988891 988892 988893 989043

Multiple denial of service vulnerabilities were discovered in the Squid
proxy caching server.

For the stable distribution (buster), these problems have been fixed in
version 4.6-1+deb10u6.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4925-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 02, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2021-29967

Multiple security issues have been found in the Mozilla Firefox
web browser, which could potentially result in the execution
of arbitrary code.

For the stable distribution (buster), this problem has been fixed in
version 78.11.0esr-1~deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4926-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 03, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lasso
CVE ID         : CVE-2021-28091

It was discovered that lasso, a library which implements SAML 2.0 and
Liberty Alliance standards, did not properly verify that all assertions
in a SAML response were properly signed, allowing an attacker to
impersonate users or bypass access control.

For the stable distribution (buster), this problem has been fixed in
version 2.6.0-2+deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4927-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 05, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2021-29956 CVE-2021-29957 CVE-2021-29967

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code. In addition two security
issues were addressed in the OpenPGP support.

For the stable distribution (buster), these problems have been fixed in
version 1:78.11.0-1~deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4928-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 09, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : htmldoc
CVE ID         : CVE-2021-23158 CVE-2021-23165 CVE-2021-23180
                 CVE-2021-23191 CVE-2021-23206 CVE-2021-26252
                 CVE-2021-26259 CVE-2021-26948

A buffer overflow was discovered in HTMLDOC, a HTML processor that
generates indexed HTML, PS, and PDF, which could potentially result in
the execution of arbitrary code. In addition a number of crashes
were addressed.

For the stable distribution (buster), these problems have been fixed in
version 1.9.3-1+deb10u2.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-4929-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 09, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rails
CVE ID         : CVE-2021-22880 CVE-2021-22885 CVE-2021-22904
Debian Bug     : 988214

Multiple security issues were discovered in the Rails web framework
which could result in denial of service.

For the stable distribution (buster), these problems have been fixed in
version 2:5.2.2.1+dfsg-1+deb10u3.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4930-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 10, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libwebp
CVE ID         : CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 
                 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 
                 CVE-2020-36331 CVE-2020-36332

Multiple vulnerabilities were discovered in libwebp, the implementation
of the WebP image format, which could result in denial of service, memory
disclosure or potentially the execution of arbitrary code if malformed
images are processed.

For the stable distribution (buster), these problems have been fixed in
version 0.6.1-2+deb10u1.
sunrat
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4931-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 15, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2021-0089 CVE-2021-26313 CVE-2021-28690 CVE-2021-28692

Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service or information leaks.

For the stable distribution (buster), these problems have been fixed in
version 4.11.4+107-gef32c7afa2-1.