="44daa28d7165e7856597605819dd8a2aa51c048f" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Andrew Wesie discovered a buffer overflow in the H264 support of the
- -GStreamer multimedia framework, which could potentially result in the
- -execution of arbitra
="a5c79088ff2296ccbad43ece8403cb9d49aa69ac" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues were discovered in the Chromium web browser,
which
- -could result in the execution of arbitrary code, denial of service
- -or information disclo
="6d1643a67509927d077347faabf9fdb8fdcb2dc5" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Johan Smits discovered that ruby-redcarpet, a markdown parser, did not
- -properly validate its input. This would allow an attacker to mount a
- -cross-site scripting attac
="cc173b8d34b89c7d43e8628759e88ae4a67b7db9" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Simon McVittie discovered a bug in the flatpak-portal service that can
- -allow sandboxed applications to execute arbitrary code on the host system
- -(a sandbox escape).
-
="6deb41e83064921e63d318734179cf3b4d8867e0" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A flaw was discovered in coturn, a TURN and STUN server for VoIP. By
- -default coturn does not allow peers on the loopback addresses
- -(127.x.x.x and ::1). A remote atta
="2250192440b4e4662c2bd0c7ab63e34e6ff313ee" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A security issue was found in the Mozilla Firefox web browser, which
- -could potentially result in the execution of arbitrary code.
+В веб-браузере Mozilla Firefox была об
="c7278d0cf5a2c92a64386bb83ed50bdb7e9b56f4" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Liaogui Zhong discovered two security issues in XStream, a Java library
- -to serialise objects to XML and back again, which could result in the
- -deletion of files or se
="27a3db159df9f47798f0f5c818d5f1dafdd4a815" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Two vulnerabilities were discovered in Node.js, which could result in
- -denial of service and potentially the execution of arbitrary code or
- -HTTP request smuggling.
Tue 05 Jan 2021 @ 16:12 Vladimir Zhbanov:
> On Tue, Jan 05, 2021 at 09:56:04AM +0500, Lev Lamberov wrote:
>> +Если включена спящий режим для imap, злоумышленник (с корректными
>> данными учётной
> включен_
>> +message/rfc822 (или если её родитель имеет
="28bc87857803972597b697f1aafdfc05773ea8db" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities have been discovered in the Dovecot email
server.
+В почтовом сервере Dovecot было обнаружено несколько уязвимостей.
https://security-track
="df41ee2d83423c2e6bcdc9061671b96ead8a6074" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that incorrect validation of JWT tokens in InfluxDB,
- -a time series, metrics, and analytics database, could result in
- -authentication bypass.
+Был
="b7239518c823ae53e2826fd2e71efbc6e91007e3" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues were discovered in the Chromium web browser,
which
- -could result in the execution of arbitrary code, denial of service
- -or information disclo
="ce053bc67f7e188f5978ad5bbfd7c2786669f07c" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -David Cook reported several memory safety issues affecting the RPC
- -protocol in p11-kit, a library providing a way to load and enumerate
- -PKCS#11 modules.
+Дэвид Кук
="ac4a3040fa04b98f1db354527f6cdb1ecb042cb4" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Alex Birnberg discovered that roundcube, a skinnable AJAX based webmail
- -solution for IMAP servers, is prone to a cross-site scripting
- -vulnerability in handli
="6db6669bbf0a79c0b400f97ed17d0e64d26e337b" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Pritam Singh discovered an open redirect in the workflow forms of
+Притам Сингх обнаружил открытое перенаправление в формах работы
OpenStack Horizon.
- -For t
="e16ef96d005299e94ef1566037aa03ca560f5d1f" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Stephane Chauveau discovered that the graphics protocol implementation in
- -Kitty, a GPU-based terminal emulator, did not sanitise a filename when
- -returning an err
="3f0f1a56a7218bc43e4769bf32b0352523c9a436" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities were discovered in Sympa, a mailing list
- -manager, which could result in local privilege escalation, denial of
- -service or unauthorized acc
Sun 20 Dec 2020 @ 12:21 Galina Anikina:
> On Thu, 2020-12-17 at 14:10 +0500, Lev Lamberov wrote:
>> --- ../../english/security/2020/dsa-4814.wml2020-12-17
>> 14:05:09.871812631 +0500
>> +++ 2020/dsa-4814.wml 2020-12-17 14:10:01.920175292 +0500
>> @@ -1,24 +
="39622941f7edb860ecb91d028749e4646a223ee6" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Two vulnerabilities were discovered in the PEAR Archive_Tar package for
- -handling tar files in PHP, potentially allowing a remote attacker to
- -execute arbitrary code or o
="a8cb97c201a8d45a55a7f5eaee9906dba8146ca1" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues were discovered in MediaWiki, a website engine
- -for collaborative work, which could result in cross-site scripting or
- -the disclosure of hidden u
Thu 17 Dec 2020 @ 15:17 shilin.alek...@gmail.com:
> On Thu, 17/12/2020 at 14:10 +0500, Lev Lamberov wrote:
>> Заметьте, что заплата, исправляющая эту проблему, возможно благодаря
>> недавно появившейся утечке памяти.
>
> Здесь другой смысл: заплата, исправляющая проблему с безоп
="363db9b6da2f5fc2a5ca52a848bb373866791844" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in Thunderbird, which may lead
- -to the execution of arbitrary code, denial of service or information
- -leak.
+В Thunderbird
="3bcb07ac79215b801fafacf8e2f96929da3e7a67" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that xerces-c, a validating XML parser library for
- -C++, did not correctly scan DTDs. The use-after-free vulnerability
- -resulting from this issue
="e4169c02d604d087402edc425d03a12498b1acaa" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in the Mozilla Firefox web
- -browser, which could potentially result in the execution of arbitrary
- -code, information disclosure o
="1e5f62f34bcc8da30f41325ca8cb664f8713412c" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that the default blacklist of XStream, a Java library
- -to serialise objects to XML and back again, was vulnerable to the
- -execution of arbitrary
="413d84f94ed95dc443860b5c01ced890a3d079ef" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple vulnerabilities have been discovered in the Xen hypervisor:
+В гипервизоре Xen были обнаружены многочисленные уязвимости.
- -Several security issues affecting
="422c1a2029b44bd82236ff5b0b402513dd2c5b8a" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Yaniv Nizry discovered that the clean module of lxml, Python bindings for
- -libxml2 and libxslt could be bypassed.
+Янив Низри обнаружил, что модуль clean для lxml, привязк
translation="5c427e44dc4a1503d5262b5edfba60b490ea0ab1" maintainer="Lev Lamberov"
+Обновлённый Debian 10: выпуск 10.7
2020-12-05
#use wml::debian::news
- -# $Id:
10
buster
@@ -24,27 +24,27 @@
https://packages.debian.org/src:%0;>%0
- -The Debian project is pleased to anno
="5361d530d3775946c18aa99359098765fef27557" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Two vulnerabilities were discovered in Apache Traffic Server, a reverse
- -and forward proxy server:
+В Apache Traffic Server, обратном прокси и прокси переадресации, б
="c729654b8b27b17cf75c7c41de57c26fb0f1d02e" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that missing input validation in minidlna, a
- -lightweight DLNA/UPnP-AV server could result in the execution of
- -arbitrary code. In add
="52c25a73651cdd0f6563886626d1d0f9e77703f5" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple vulnerabilities have been discovered in the Xen hypervisor,
- -which could result in denial of service, privilege escalation or
- -information leaks.
+В г
="853e7157b6c69b10b7ad57e8eb149eeb8835c89d" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server
- -performed incomplete input validation, which could result in privilege
- -escalation.
+Ян-Никлас Сон
="1efdaeff47e09a5430403d98cdcceb78fdbdf74c" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Chiaki Ishikawa discovered a stack overflow in SMTP server status
- -handling which could potentially result in the execution of arbitrary
- -code.
+Чиаки Ишикава обнар
="640681293aeb5a5c716a7d13d9aa732ea601a106" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A buffer overflow was discovered in Brotli, a generic-purpose lossless
- -compression suite.
+В Brotli, наборе общего назначения для сжатия без потерь,
+было
="cf352e7c81827460aa4e72f28305a794a25189b3" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Two vulnerabilities were discovered in libproxy, an automatic proxy
- -configuration management library, which could result in denial of
- -service, or possibly, execution
="0bfac536f987e8669fb3459ac6ce097e4a8556c4" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote
- -access to an existing X session. x11vnc creates shared memory segments
- -with 0777 mode. A loc
="ee39b5bf5c4b20218b693e1097819eda8f312d5c" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that SPIP, a website engine for publishing, did not
- -correctly validate its input. This would allow authenticated users to
- -execute arbitrary code.
+
="9008fd088ac7830da54eead9922fc56073220815" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -The following vulnerabilities have been discovered in the webkit2gtk
- -web engine:
+В веб-движке webkit2gtk были обнаружены следующие
+уязвимости:
https://security-
="77f6c6ffc4351230bbf6de54a49a4d73644aa4c1" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Demi Obeneour discovered that unbounded recursion in the ASN1 parser
- -of libkrb5 could result in denial of service.
+Деми Обенур обнаружил, что неограниченная рекурс
="a2fe5cd27b7eedde80ea1e6ca891c1ae5314fcc1" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in Thunderbird, which may lead
- -to the execution of arbitrary code or denial of service.
+В Thunderbird были обнаружены многоч
="a77a111514f428d19555f1fbbcfd53999d9d5f39" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight
- -PDF viewer, which may result in denial of service or the execution of
- -arbitrary code if malf
="01ea964cfe7307b04fa9acda572fbb35e75d9d34" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in the Mozilla Firefox web
- -browser, which could potentially result in the execution of arbitrary
- -code, information disclosure,
="e6c23bf32eb3390fbeabb08bb19f804fcbc2efb3" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Two vulnerabilities in the certificate list syntax verification and
- -in the handling of CSN normalization were discovered in OpenLDAP, a
- -free implementation of th
Tue 17 Nov 2020 @ 10:18 Galina Anikina:
> On Mon, 2020-09-28 at 11:16 +0500, Lev Lamberov wrote:
>> +> deepCopy [CVE-2020-5258] в в методе jqMix [CVE-2020-5259]">
> в в ... два "в"
>> +> неправильно выровненного слоя фигуры">
>
> может -
Tue 17 Nov 2020 @ 09:48 Galina Anikina:
> On Fri, 2020-11-13 at 15:39 +0500, Lev Lamberov wrote:
>> -If the enable-acl cluster option isn't enabled, members of
>> the
>> -haclient group can modify Pacemaker's Cluster Information
>> Base without
>> -rest
Tue 17 Nov 2020 @ 09:50 Galina Anikina:
> On Thu, 2020-11-12 at 16:52 +0500, Lev Lamberov wrote:
>> +на языке JavaScript, уязвим в отказу в обслуживании из-за ошибки в
>> +регулярных выражениях.
> уязвим К отказу в обслуживании
Fixed. Thanks!
Tue 17 Nov 2020 @ 09:53 Galina Anikina:
> On Thu, 2020-11-05 at 21:00 +0500, Lev Lamberov wrote:
>> +Фабиан Фогт обнаружил уязвимость в sddm, современной дисплейном
>> менеджере для X11.
> современноМ
Fixed. Thanks!
Tue 17 Nov 2020 @ 10:19 Galina Anikina:
> On Fri, 2020-09-25 at 21:43 +0500, Lev Lamberov wrote:
>> +выполнению кода, подделке межсайтовых запросо и обходу ограничений
>> загрузки.
> межсайтовыХ
Fixed. Thanks!
="2ef47fea430f56ad287c79129641120cbea6aef8" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A use-after-free was found in Thunderbird, which could potentially result
- -in the execution of arbitrary code.
+В Thunderbird было обнаружено использование указателей после
="b35f3578f60fe18b9150a0924ba18826c4d6be4c" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Ken Gaillot discovered a vulnerability in the Pacemaker cluster
- -resource manager: If ACLs were configured for users in the haclient
- -group, the ACL restrictions could be
="d9df05ea9bcda9e60d3904cbe3a0f3b2bab462dd" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that codemirror, a browser-based text editor
- -implemented in JavaScript, was vulnerable to regular expression
- -denial-of-service.
+Было обнаруже
="818bc9ca653d5fd8cdbc924b0732dffb39f9d3ec" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Two vulnerabilities were discovered in moin, a Python clone of
WikiWiki.
+В moin, клоне WikiWiki на языке Python, были обнаружены две уязвимости.
https://security-
="fe4c1fad846bf71114de153423dd8c842e66ed7d" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that a boundary check in libexif, a library to parse
- -EXIF files, could be optimised away by the compiler, resulting in
- -a potential buffer overflow.
="38473d2400c549003eb093bbd5cd612b743114dd" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that raptor2, an RDF parser library, is prone to
- -heap-based buffer overflow flaws, which could result in denial of
- -service, or potentially t
="62e867385e657a2c428718f79bffc5913ae54876" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Fabian Vogt discovered a flaw in sddm, a modern display manager for X11.
- -A local attacker can take advantage of a race condition when creating
- -the Xauthority file t
="3b636d189609fe2f99f2d043ce92a23b50564375" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A vulnerability in the handling of normalization with modrdn was
- -discovered in OpenLDAP, a free implementation of the Lightweight
- -Directory Access Protocol. An unaut
="24a8e6648a8e931c21fe16282c314fc49bd9e50f" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Vaisha Bernard discovered that Blueman, a graphical bluetooth manager
- -performed insufficient validation on a D-Bus interface, which could
- -result in denial of service o
="77fef7df03831026857223475848c017b9663843" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in Thunderbird, which may lead
- -to the execution of arbitrary code or denial of service.
+В Thunderbird были обнаружены многоч
="49c9c02fcd35a748d1bc71dbd76f36e2398379b9" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities have been discovered in the OpenJDK Java runtime,
- -which could result in denial of service, information disclosure, bypass of
- -access/sandbox
="ed1e1f09f1a02b5fb64ecaaa2d2c1ad889848e27" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Sergei Glazunov discovered a heap-based buffer overflow vulnerability in
- -the handling of embedded PNG bitmaps in FreeType. Opening malformed
- -fonts may result in deni
="ed4ab617fb1a1ab8f472460310403cbe8e0ab0b2" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in the Mozilla Firefox web
- -browser, which could potentially result in the execution of arbitrary
- -code.
+В веб-браузере M
="7abec7b84c0b87a48c40352b6c19775c91833576" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A security issue was discovered in the MariaDB database server.
+В сервере баз данных MariaDB была обнаружена проблема безопасности.
- -For the stable distribution (buster
="47ed719741866bf1f4d6a0b2a4d1fc150669ebcc" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A directory traversal vulnerability was discovered in python-flask-cors,
- -a Flask extension for handling Cross Origin Resource Sharing (CORS),
- -allowing to access priv
="43f8d7b8b91b167696b5c84ec0911bab7b7073f2" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to the execution of arbitrary code, privilege escalation,
- -denial of service or informa
="7c87d7393452c5b5f751f8802a32709ff0440f1d" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Two vulnerabilities were discovered in yaws, a high performance HTTP 1.1
- -webserver written in Erlang.
+В yaws, высокопроизводительном веб-сервере HTTP 1.1, написанном на я
="8694e8a0aa6b66cc5eac0865b3ee6a1d16f88792" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Priyank Nigam discovered that HttpComponents Client, a Java HTTP agent
- -implementation, could misinterpret malformed authority component in a
- -request URI and pick the
="222ebe7a6bf792277dd58f45e6374e0bd033" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Frediano Ziglio discovered multiple buffer overflow vulnerabilities in
- -the QUIC image decoding process of spice, a SPICE protocol client and
- -server library, which cou
="ff8a3d6698e4eb0dad68c425924fd9c4c266c453" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in Thunderbird, which may lead
- -to the execution of arbitrary code or denial of service.
+В Thunderbird были обнаружены многоч
="084086e7e0be0ea4314be25891e17ee613e4971f" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple vulnerabilities have been discovered in the Xen hypervisor,
- -which could result in denial of service, guest-to-host privilege
- -escalation or information
="48834d10a4104ac36c3f9d5f545e09374d165f06" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in the Mozilla Firefox web
- -browser, which could potentially result in the execution of arbitrary
- -code, cross-site sc
Mon 28 Sep 2020 @ 12:58 Vladimir Zhbanov:
> On Mon, Sep 28, 2020 at 11:16:36AM +0500, Lev Lamberov wrote:
>> +> CVE-2020-14363]">
>> +> и удобства использования">
>
> О_б_ратный перенос нескольких исправлени_й_ безопасности и _улучшений_
> уд
translation="cc3aa11466129a6224ab33a305a554cb8d65f63c" maintainer="Lev Lamberov"
+Обновлённый Debian 10: выпуск 10.6
2020-09-26
#use wml::debian::news
- -# $Id:
10
buster
@@ -24,106 +24,103 @@
https://packages.debian.org/src:%0;>%0
- -The Debian project is pleased to an
="dbf424479529f1ce388c9563597e59b1ae9a621e" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues were discovered in MediaWiki, a website engine
- -for collaborative work: SpecialUserRights could leak whether a user
- -existed or not, m
="7f3364db3e477a10e1a23c76dc53d567620d9ab7" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues were discovered in the Rails web framework
- -which could result in cross-site scripting, information leaks, code
- -execution, cross-site reque
="b065b1cb4aeee3043ecfbff6dedae4d7f50fbcaf" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Ervin Hegedues discovered that ModSecurity v3 enabled global regular
- -expression matching which could result in denial of service. For
- -additional information please refe
="5f3e79ef877d23efa55fa544436afab853649de5" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Two security issues were discovered in the pgsql and mysql modules of
- -the InspIRCd IRC daemon, which could result in denial of service.
+В модулях pgsql и mysql для IRC-с
="f4c135d01ebacd4f69abc7f34e19ce2af0d49d07" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that insufficient sanitising of received network
- -packets in the game server of Teeworlds, an online multi-player platform
- -2D shooter, could resu
="77a1a54a1e720b7b6a4728d7991dec5b71920476" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that the default configuration files for running the
- -Lemonldap::NG Web SSO system on the Nginx web server were susceptible
- -to authorisation bypass o
="176fe9aed0fbc36fe1bc0303df50e4f7e7fa68d4" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that ZeroMQ, a lightweight messaging kernel library
- -does not properly handle connecting peers before a handshake is
- -completed. A remote, una
="ae43a20b2d5aa41f311b5844ffc0f9d06f6b1090" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues were discovered in QEMU, a fast processor
- -emulator:
+В QEMU, быстром эмуляторе процессора, были обнаружены многочисленные
проблемы
+безопас
="54cb7987eeaacf4385374a59f97f480a812c4ae5" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Fabian Vogt reported that the Ark archive manager did not sanitise
- -extraction paths, which could result in maliciously crafted archives
- -with symlinks writing ou
="bfcc219f5681a7e9fe3402cc59af5549d48a67c0" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities have been discovered in the X.Org X server.
- -Missing input sanitising in X server extensions may result in local
- -privilege escalation if the
Wed 02 Sep 2020 @ 13:23 Galina Anikina:
> On Mon, 2020-08-31 at 21:01 +0500, Lev Lamberov wrote:
>> --- ../../english/security/2020/dsa-4757.wml 2020-08-31
>> 20:50:14.602974313 +0500
>> +++ 2020/dsa-4757.wml2020-08-31 21:00:13.558894850 +0500
>> @@ -1,50 +
="2592e40c5d7143a6f575ff96f6127ba4fb3f18d5" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities have been found in the Apache HTTPD server.
+В HTTPD-сервере Apache было обнаружено несколько уязвимостей.
https://security-tracker.debian.
Sun 30 Aug 2020 @ 00:46 Galina Anikina:
> On Fri, 2020-08-28 at 11:31 +0500, Lev Lamberov wrote:
>> --- ../../english/security/2020/dsa-4752.wml 2020-08-28
>> 11:22:10.864197686 +0500
>> +++ 2020/dsa-4752.wml2020-08-28 11:31:27.190671477 +0500
>> @@ -1,45 +
="958314d2c44403b1e7e52a101ee2cceaba26ea73" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in Thunderbird which could
- -result in the execution of arbitrary code or the unintended installation
- -of extensions.
="780d252ffaf680836cda837cd5f28e1485f96081" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues were found in the OpenEXR image library, which
- -could result in denial of service and potentially the execution of
- -arbitrary code when proces
="3fbbca4921406382e3b6172f575f8c87cbcc5ea6" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Faidon Liambotis discovered that Lilypond, a program for typesetting
- -sheet music, did not restrict the inclusion of Postscript and SVG
- -commands when operating in
="ac7ded650ad95977c0af57ac41dc59efcd7e5d28" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight
- -PDF viewer, which may result in denial of service or the execution of
- -arbitrary code if a ma
="5346ad19e1bb39a2123f70e49de6fe4ffa9caa5b" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities were discovered in BIND, a DNS server
- -implementation.
+В BIND, реализации DNS-сервера, было обнаружено несколько
+уязвимостей.
https://secur
="f542876b792062f3c2d2e7040bc21033b1fbc887" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities were discovered in Squid, a fully featured web
- -proxy cache, which could result in request splitting, request smuggling
- -(leading to cache poisoni
="7060e6d28fcf2f959a5d7be907131d1d7b70b7f4" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was reported that the Lua module for Nginx, a high-performance web
- -and reverse proxy server, is prone to a HTTP request smuggling
- -vulnerability.
+Было сообщено, чт
="17f01874d49c6a574936a09667741e3d63ccdbda" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues have been found in the Mozilla Firefox web
- -browser, which could potentially result in the execution of arbitrary
- -code or unintended or malici
="f608e4db49e6cb7ea48b9fee91ffab3cc8d5c11c" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Multiple security issues were discovered in Ghostscript, the GPL
- -PostScript/PDF interpreter which could result in denial of service and
- -potentially the execution
="518a7803359678db05da2d9b06e674aab4073a2f" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A directory traversal vulnerability was discovered in Icinga Web 2, a
- -web interface for Icinga, which could result in the disclosure of files
- -readable by the process.
+
="4336abe86a49e12943eb9b9ea334670f09ed6b54" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities were discovered in net-snmp, a suite of Simple
- -Network Management Protocol applications, which could lead to privilege
- -escalation.
+В net-
="7fbf113ef094837f72d2bdb71154488accfe2afb" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Several vulnerabilities have been discovered in the Dovecot email
- -server.
+В почтовом сервере Dovecot было обнаружено несколько
+уязвимостей.
https://security-track
="143b5edcd9c9f2a19ad8b68426833a133c5cfe48" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -It was discovered that roundcube, a skinnable AJAX based webmail
- -solution for IMAP servers, is prone to cross-site scripting
- -vulnerabilities in handling invalid s
="8d1a7f256ceac3440cf5499bfeeb299321730754" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown
- -parser and converter, which could result in unintended read access to
- -files or unintended emb
="2f2e4e4ed7b781eff447b99c3d177c672b61e21f" mindelta="1"
maintainer="Lev Lamberov"
+обновление безопасности
- -Tim Starling discovered two vulnerabilities in firejail, a sandbox
- -program to restrict the running environment of untrusted applications.
+Тим Старлинг обнаружил две уя