Debian Linux Security Advisory 5631-1 - It was discovered that iwd, the iNet Wireless Daemon, does not properly handle messages in the 4-way handshake used when connecting to a protected WiFi network for the first time. An attacker can take advantage of this flaw to gain unauthorized access to a protected WiFi network if iwd is operating in Access Point (AP) mode.
47a934b5ac3f1708759ab799a958d93a60179f6a1700104e3edfe19ebc9732ce
Debian Linux Security Advisory 5630-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
d28bce415e0153870f51c0a3a90c6dc32c960f44d25427214d3938b5389f18eb
Debian Linux Security Advisory 5629-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
fe6f1b5481a47f52acca8337fa69156b933a7a36fb449ecf930207ee4aae57f8
Debian Linux Security Advisory 5628-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.
f3cb8b62b33597d095e3b6b6dd3d138b869540fe77fdd212e1777a113e936759
Debian Linux Security Advisory 5627-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
fecc020dcddb2184341c57558aa3f486e8ee301dd59c165be89472e03edd082b
Debian Linux Security Advisory 5626-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server.
49eaeb41d9120ce6fe9d1df8ab49ae3be8aab753012780b8c6b75059b99b0463
Debian Linux Security Advisory 5625-1 - It was discovered that Engrampa, an archive manager for the MATE desktop environment was susceptible to path traversal when handling CPIO archives.
9a1c7ac8fc318436774871b923098a3518f8bb8e1317c906db1ea7b583840645
Debian Linux Security Advisory 5624-1 - Mate Kukri discovered the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.
edeab3ca9fb62395b5cb0f4a0f796af3d4f2e0bf05a3127e4d9d601b63ad671c
Debian Linux Security Advisory 5623-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.
60cfc70c245b50a553abe7492f6f4796b0b1935d25a2303d17029506ca738d31
Debian Linux Security Advisory 5622-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.
40f3d30ceb5a2b0a18009f042e47d7918427787875623bbdcfcb50b9a8856397
Debian Linux Security Advisory 5621-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.
c8c07e1985655854dd15f5e76e52c42de91372742f9064ab63788fb3a08e6280
Debian Linux Security Advisory 5620-1 - Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path, resulting in denial of service.
2128e1a0af0c67ffe2e1ffb50d3a9242efd9702a50aab4893ca90d85956fa4c9
Debian Linux Security Advisory 5619-1 - Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.
b5b61e9260d27d3a7d3bb35be908e3bb339c27baee2663ef2807a5082827d7b9
Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
6da18f2f63505ce1e7bc16caeda8561a73818bb23b24d17427a1f16b8fcfce64
Debian Linux Security Advisory 5617-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
fc899430ebda7fcd3a6599b53dfe6281119ed904cdfca2a5fa83b6eeff455142
Debian Linux Security Advisory 5616-1 - It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitized style elements, which may result in cross-site scripting.
cb1891138c71065ba8a31de094547c27038e14dbb35d632d940934fd3474f59c
Debian Linux Security Advisory 5615-1 - It was discovered that runc, a command line client for running applications packaged according to the Open Container Format (OCF), was susceptible to multiple container break-outs due to an internal file descriptor leak.
a959e4508099a43ffce4457a32f3fdcb636129404d0c2704c808e2edae17a68f
Debian Linux Security Advisory 5614-1 - Two vulnerabilities were discovered in zbar, a library for scanning and decoding QR and bar codes, which may result in denial of service, information disclosure or potentially the execution of arbitrary code if a specially crafted code is processed.
8622812f88e985e7306821abbdc0f758934b8fa49410f0223dd4e05e28a1acdb
Debian Linux Security Advisory 5613-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.
f609441d6fb4c40057305e6428732ca7ac0e44c809f5eb956a054b02d0ed1ef4
Debian Linux Security Advisory 5612-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
5e76bed3819f315e7a0c764d370439b3892001d90b2731baafa780fd5607d130
Debian Linux Security Advisory 5611-1 - The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.
b706fe5111adeb5e4961a0c6b856dd95656c158ab3611e3f050084786321653f
Debian Linux Security Advisory 5610-1 - Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass.
6a575e49865251ebf28406b8b02755df04cae2bd061603790e201c0c1917a8a9
Debian Linux Security Advisory 5609-1 - Several vulnerabilities were discovered in the Slurm Workload Manager, a cluster resource management and job scheduling system, which may result in privilege escalation, denial of service, bypass of message hash checks or opening files with an incorrect set of extended groups.
f57d906dddf94852997ecaf61e4354f8e39782336cb81672d34166c0cb2789b8
Debian Linux Security Advisory 5608-1 - A heap-based buffer overflow during tile list parsing was discovered in the AV1 video codec parser for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
28de5aaa27d710a8206df6a847735e65dc15308d136f5b7b5aa81eb3f826812d
Debian Linux Security Advisory 5607-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
a6de00e749bc7cbb1d4b7f49c1c267ef1cff9abe7a509d66795892bdafd34351