Debian LTS Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
- Debian LTS: DLA-3787-1: xorg-server Security Advisory Updates on April 15, 2024 at 1:22 pm
Multiple vulnerabilities have been fixed in the Xorg X server. CVE-2024-31080
- Debian LTS: DLA-3786-1: pillow Advisory Security Update on April 10, 2024 at 8:54 pm
A buffer overflow in _imagingcms.c was fixed in Pillow, an image processing library for Python. For Debian 10 buster, this problem has been fixed in version
- Debian LTS: DLA-3785-1: gtkwave security update on April 9, 2024 at 8:24 pm
Multiple security issues have been fixed in the waveform viewer GTKWave by upgrading to a more recent upstream version. For Debian 10 buster, these problems have been fixed in version
- Debian LTS: DLA-3783-1: expat security update on April 9, 2024 at 4:41 am
Expat, an XML parsing C library, has been found to have a vulnerability that allows an attacker to perform a denial of service (resource consumption) when many full reparsings are required in the case of large tokens.
- Debian LTS: DLA-3782-1: util-linux security update on April 7, 2024 at 10:40 am
CVE-2024-28085 Skyler Ferrante discovered that the wall(1) utility found in util-linux, a collection of system utilities for Linux, does not
- Debian LTS: DLA-3784-1: libcaca security update on April 7, 2024 at 8:42 am
Two issues have been found in libcaca, a colour ASCII art library. Both are heap buffer overflows, which might lead to memory corruption.
- Debian LTS: DLA-3781-1: libgd2 security update on April 6, 2024 at 11:26 pm
Several issues have been found in libgd2, a GD Graphics Library. They are related to out-of-bounds reads or NULL pointer dereferences, allowing denial of service attacks.
- Debian LTS: DLA-3780-1: jetty9 security update on April 6, 2024 at 9:07 pm
Jetty 9 is a Java-based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients, which can cause a denial of service.
- Debian LTS: DLA-3779-1: tomcat9 security update on April 6, 2024 at 5:26 am
Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2024-24549