A ruby-sinatra security update has been released for Debian GNU/Linux 9 Extended LTS to address a vulnerability where a reflected file download (RFD) attack sets the Content-Disposition header of a response when the filename is derived from user-supplied input.
A ruby-rack security update has been released for Debian GNU/Linux 10 LTS to address several vulnerabilities, including a directory traversal vulnerability and a ReDoS vulnerability.
A ruby-rack security update has been released for Debian GNU/Linux 9 Extended LTS to address a couple of ReDoS vulnerabilities.
A ruby-git security update has been released for Debian GNU/Linux 9 Extended LTS to address a couple of vulnerabilities.
A xorg-server security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address several vulnerabilities that may result in privilege escalation if the X server is running privileged.
A git security update has been released for Debian GNU/Linux 11 to address multiple issues.
A dojo security update has been released for Debian GNU/Linux 10 LTS to address two vulnerabilities that could result in information disclosure.
A varnish security update has been released for Debian GNU/Linux 11 to address an HTTP/2 request forgery vulnerability.
A node-object-path security update has been released for Debian GNU/Linux 10 LTS to address security issues related to prototype pollution.
A sofia-sip security update has been released for Debian GNU/Linux 10 LTS to address missing message length and attribute length checks when handling STUN packages.
A tiff security update has been released for Debian GNU/Linux 11 to address several buffer overflow, divide by zero, and out of bounds read and write vulnerabilities.
Another Liquorix Linux kernel update has been released by Steven Barrett for Debian and Ubuntu with Project-C updates.
A libzen security update has been released for Debian GNU/Linux 10 LTS to address an issue where crafted arguments to a function could lead to an unchecked return value and a null pointer dereference.
An openjdk-11 security update has been released for Debian GNU/Linux 11 to address several vulnerabilities that may result in denial of service or spoofing.
A curl security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address several vulnerabilities that could result in denial of service or information disclosure.
A libapache-session-browseable-perl security update has been released for Debian GNU/Linux 10 LTS to address an issue where the validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends.
A lemonldap-ng security update has been released for Debian GNU/Linux 10 LTS to address two vulnerabilities that could result in information disclosure or impersonation.
A libapache-session-ldap-perl security update has been released for Debian GNU/Linux 10 LTS to address an issue where the validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends.
A libzen security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue where crafted arguments to a function could lead to an unchecked return value and a null pointer dereference.
A curl security update has been released for Debian GNU/Linux 10 LTS to address several vulnerabilities that could result in denial of service or information disclosure.
A Tor security update has been released for Debian GNU/Linux 10 LTS to address a logic error that did result in allowing unsafe SOCKS4 traffic to pass.
A curl security update has been released for Debian GNU/Linux 11 to address two vulnerabilities that could result in denial of service or information disclosure.
Another Liquorix Linux kernel based on Kernel 6.1.8 has been made available by Steven Barrett for Debian and Ubuntu.
A bind9 security update has been released for Debian GNU/Linux 11 to address several vulnerabilities that may result in denial of service against named.
A libde265 security update has been released for Debian GNU/Linux 9 Extended LTS to address multiple issues that may result in denial of service or have unspecified other impacts.
A modsecurity-apache security update has been released for Debian GNU/Linux 10 LTS to address multiple issues that allow remote attackers to bypass the application firewall and have other unspecified impacts.
A modsecurity-apache security update has been released for Debian GNU/Linux 9 Extended LTS to address multiple issues.
A chromium security update has been released for Debian GNU/Linux 11 to address multiple security issues that could result in the execution of arbitrary code, denial of service, or information disclosure.
A git security update has been released for Debian GNU/Linux 10 LTS to address two vulnerabilities that allowed an attacker to trigger code execution in specific situations.
A new XanMod Linux Kernel based on the latest Linux Kernel 6.1.8 has been released. XanMod is a general-purpose Linux kernel distribution with custom settings and new features. The real-time version is recommended for critical runtime applications such as Linux gaming eSports, streaming, live productions and ultra-low latency enthusiasts.
A php5 security update has been released for Debian GNU/Linux 8 Extended LTS to address multiple security issues that could result in denial of service, information disclosure, insecure cookie handling, or
potentially the execution of arbitrary code.
potentially the execution of arbitrary code.
A libde265 security update has been released for Debian GNU/Linux 10 LTS to address multiple issues that may result in denial of service or have unspecified other impacts.
A swift security update has been released for Debian GNU/Linux 10 LTS to address an issue related to information disclosure.
A nodejs security update has been released for Debian GNU/Linux 11 to address multiple vulnerabilities that could result in HTTP request smuggling, bypass of host IP address validation, and weak randomness setup.
A spip security update has been released for Debian GNU/Linux 11 to address an issue where a malicious user can run SQL injection attacks or bypass authorization access.
A php7.0 security update has been released for Debian GNU/Linux 9 Extended LTS to address multiple security issues that could result in denial of service, information disclosure, insecure cookie handling, or
potentially the execution of arbitrary code.
potentially the execution of arbitrary code.
A linux-4.19 security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address several vulnerabilities that may lead to a privilege escalation, denial of service, or information leaks.
A swift security update has been released for Debian GNU/Linux 11 to address an issue where the S3 API of Swift was susceptible to information disclosure.
Based on Kernel 6.1.8 and featuring an AMDGPU MST regression fix, Steven Barrett has released a new Liquorix Linux kernel for Debian and Ubuntu.
A linux-5.10 security update has been released for Debian GNU/Linux 9 Extended LTS to address several vulnerabilities that may lead to privilege escalation, denial of service, or information leaks.
A trafficserver security update has been released for Debian GNU/Linux 10 LTS to address multiple vulnerabilities.
A Linux security update has been released for Debian GNU/Linux 11 to address several vulnerabilities that may lead to privilege escalation, denial of service, or information leaks.
A powerline-gitstatus security update has been released for Debian GNU/Linux 10 LTS to address an issue that allowed arbitrary code execution.
A tiff security update has been released for Debian GNU/Linux 10 LTS to address multiple vulnerabilities that could lead to denial of service (DoS) and possibly local code execution.
With two fixes for wifi and btrfs, Steven Barrett has released another Liquorix Linux kernel for Debian and Ubuntu based on Kernel 6.1.7.
A lava security update has been released for Debian GNU/Linux 10 LTS to address a denial of service issue.
A webkit2gtk security update has been released for Debian GNU/Linux 11 to address multiple vulnerabilities.
A firefox-esr security update has been released for Debian GNU/Linux 10 LTS to address multiple security issues.
A libitext5-java security update has been released for Debian GNU/Linux 11 to address a command injection issue when parsing a specially crafted filename.
The initial freeze phase for Debian GNU/Linux 12 Bookworm has been announced by the Debian release team. They stopped accepting requests for transitions on January 12 and are now trying to finish the ones that are already underway. The second (soft freeze) and third (hard freeze) milestones are planned for February and March.