Several vulnerabilities have been discovered in the GRUB2 bootloader.

  - CVE-2020-14372     It was discovered that the acpi command allows a     privileged user to load crafted ACPI tables when Secure     Boot is enabled.

  - CVE-2020-25632     A use-after-free vulnerability was found in the rmmod     command.

  - CVE-2020-25647     An out-of-bound write vulnerability was found in the     grub_usb_device_initialize() function, which is called     to handle USB device initialization.

  - CVE-2020-27749     A stack-based buffer overflow flaw was found in     grub_parser_split_cmdline.

  - CVE-2020-27779     It was discovered that the cutmem command allows a     privileged user to remove memory regions when Secure     Boot is enabled.

  - CVE-2021-20225     A heap out-of-bounds write vulnerability was found in     the short form option parser.

  - CVE-2021-20233     A heap out-of-bound write flaw was found caused by     mis-calculation of space required for quoting in the     menu rendering.

  Further detailed information can be found at   https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot

It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks, access sensitive information, or execute arbitrary code.

For Debian 9 stretch, this problem has been fixed in version 3.1.4-4~deb9u4+deb9u1.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/spip

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Adminer is an open source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected.

For Debian 9 stretch, this problem has been fixed in version 4.2.5-3+deb9u2.

We recommend that you upgrade your adminer packages.

For the detailed security status of adminer please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/adminer

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

For Debian 9 stretch, this problem has been fixed in version 2:2.4-1+deb9u9.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.

For Debian 9 stretch, these problems have been fixed in version 1:78.8.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.

Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks.

Multiple security issues were discovered in Docker, a Linux container runtime, which could result in denial of service, an information leak or privilege escalation.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

For Debian 9 stretch, these problems have been fixed in version 78.8.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, a async HTTP client/server framework, is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website.

Several issues have been found in python-pysaml2, a pure python implementation of SAML Version 2 Standard.

CVE-2017-1000433

pysaml2 accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

CVE-2021-21239

pysaml2 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only
_x509 certificates_ for the verification process of the SAML document signature.

For Debian 9 stretch, these problems have been fixed in version 3.0.0-5+deb9u2.

We recommend that you upgrade your python-pysaml2 packages.

For the detailed security status of python-pysaml2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/python-pysaml2

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

It was discovered that there were a number of integer overflow issues in Redis, a persistent 'NoSQL'-style key-value database. It is currently believed that the issues only affect 32-bit based systems.

For Debian 9 'Stretch', this problem has been fixed in version 3:3.2.6-3+deb9u4.

We recommend that you upgrade your redis packages.

For the detailed security status of redis please refer to its security tracker page at: https://security-tracker.debian.org/tracker/redis

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Felix Weinmann reported a flaw in the handling of combining characters in screen, a terminal multiplexer with VT100/ANSI terminal emulation, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence.

It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions.

A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd daemon crash) via specially crafted packets.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2021-21148     Mattias Buelens discovered a buffer overflow issue in     the v8 JavaScript library.

  - CVE-2021-21149     Ryoya Tsukasaki discovered a stack overflow issue in the     Data Transfer implementation.

  - CVE-2021-21150     Woojin Oh discovered a use-after-free issue in the file     downloader.

  - CVE-2021-21151     Khalil Zhani discovered a use-after-free issue in the     payments system.

  - CVE-2021-21152     A buffer overflow was discovered in media handling.

  - CVE-2021-21153     Jan Ruge discovered a stack overflow issue in the GPU     process.

  - CVE-2021-21154     Abdulrahman Alqabandi discovered a buffer overflow issue     in the Tab Strip implementation.

  - CVE-2021-21155     Khalil Zhani discovered a buffer overflow issue in the     Tab Strip implementation.

  - CVE-2021-21156     Sergei Glazunov discovered a buffer overflow issue in     the v8 JavaScript library.

  - CVE-2021-21157     A use-after-free issue was discovered in the Web Sockets     implementation.

It was discovered that there was a buffer overflow attack in the bind9 DNS server caused by an issue in the GSSAPI ('Generic Security Services') security policy negotiation.

For Debian 9 'Stretch', this problem has been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u8.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions.

For Debian 9 stretch, this problem has been fixed in version 1.1.2-1+deb9u1.

We recommend that you upgrade your libzstd packages.

For the detailed security status of libzstd please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libzstd

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Alex Birnberg discovered a cross-site scripting (XSS) vulnerability in the Horde Application Framework, more precisely its Text Filter API.
An attacker could take control of a user's mailbox by sending a crafted e-mail.

CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition (where the Horde_Text_Filter library is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.

For Debian 9 stretch, this problem has been fixed in version 2.3.5-1+deb9u1.

We recommend that you upgrade your php-horde-text-filter packages.

For the detailed security status of php-horde-text-filter please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-text-filter

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

For Debian 9 stretch, this problem has been fixed in version 4.5.0-6+deb9u1.

We recommend that you upgrade your screen packages.

For the detailed security status of screen please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/screen

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues have been found in openvswitch, a production quality, multilayer, software-based, Ethernet virtual switch.

CVE-2020-35498

Denial of service attacks, in which crafted network packets could cause the packet lookup to ignore network header fields from layers 3 and 4. The crafted network packet is an ordinary IPv4 or IPv6 packet with Ethernet padding length above 255 bytes. This causes the packet sanity check to abort parsing header fields after layer 2.

CVE-2020-27827

Denial of service attacks using crafted LLDP packets.

CVE-2018-17206

Buffer over-read issue during BUNDLE action decoding.

CVE-2018-17204

Assertion failure due to not validating information (group type and command) in OF1.5 decoder.

CVE-2017-9214

Buffer over-read that is caused by an unsigned integer underflow.

CVE-2015-8011

Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.

For Debian 9 stretch, these problems have been fixed in version 2.6.10-0+deb9u1. This version is a new upstream point release.

We recommend that you upgrade your openvswitch packages.

For the detailed security status of openvswitch please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openvswitch

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd daemon crash) via specially crafted packets.

For Debian 9 stretch, this problem has been fixed in version 2.4.44+dfsg-5+deb9u8.

We recommend that you upgrade your openldap packages.

For the detailed security status of openldap please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openldap

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a web cache poisoning attack in Django, a popular Python-based web development framework.

This was caused by the unsafe handling of ';' characters in Python's urllib.parse.parse_qsl method which had been backported to Django's codebase to fix some other security issues in the past.

For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.7-2+deb9u11.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might lead to a DoS of the wpa_supplicant process or potentially arbitrary code execution.

On request, together with this upload support for WPA-EAP-SUITE-B(-192) has been enabled.

For Debian 9 stretch, this problem has been fixed in version 2:2.4-1+deb9u8.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The following vulnerabilities have been discovered in the webkit2gtk web engine :

  - CVE-2020-13558     Marcin Noga discovered that processing maliciously     crafted web content may lead to arbitrary code     execution.

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service, information disclosure, cookie forgery or incorrect encryption.

It was discovered that there were two issues in the openssl cryptographic system :

  - CVE-2021-23840: Prevent an issue where 'Digital     EnVeloPe' EVP-related calls could cause applications to     behave incorrectly or even crash.

  - CVE-2021-23841: Prevent an issue in the X509 certificate     parsing caused by the lack of error handling while     ingesting the 'issuer' field.

For Debian 9 'Stretch', these problems have been fixed in version 1.1.0l-1~deb9u3.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a a remote code execution vulnerability in mumble, a VoIP client commonly used for group chats.
The exploit could have been been triggered by a maliciously crafted URL on the server list. 

For Debian 9 'Stretch', this problem has been fixed in version 1.2.18-1+deb9u2.

We recommend that you upgrade your mumble packages.

For the detailed security status of mumble please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/mumble

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization). An attacker could trigger a denial of service (DoS), information leak, and possibly execute arbitrary code with the privileges of the QEMU process on the host.

CVE-2020-15469

A MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

CVE-2020-15859

QEMU has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

CVE-2020-25084

QEMU has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.

CVE-2020-28916

hw/net/e1000e_core.c has an infinite loop via an RX descriptor with a NULL buffer address.

CVE-2020-29130

slirp.c has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

CVE-2020-29443

ide_atapi_cmd_reply_end in hw/ide/atapi.c allows out-of-bounds read access because a buffer index is not validated.

CVE-2021-20181

9pfs: ZDI-CAN-10904: QEMU Plan 9 file system TOCTOU privilege escalation vulnerability.

CVE-2021-20221

aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field.

For Debian 9 stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u13.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An issue has been found in libbsd, a library with utility functions from BSD systems. A non-NUL terminated symbol name in the string table might result in an out-of-bounds read.

For Debian 9 stretch, this problem has been fixed in version 0.8.3-1+deb9u1.

We recommend that you upgrade your libbsd packages.

For the detailed security status of libbsd please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libbsd

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there were two issues in the 1.0 branch of the OpenSSL cryptographic system :

  - CVE-2021-23840: Prevent an issue where 'Digital     EnVeloPe' EVP-related calls could cause applications to     behave incorrectly or even crash.

  - CVE-2021-23841: Prevent an issue in the X509 certificate     handling caused by the lack of error handling whilst     parsing 'issuer' fields.

For Debian 9 'Stretch', these problems have been fixed in version 1.0.2u-1~deb9u4. For the equivalent changes for the 1.1 branch of OpenSSL, please see DLA-2563-1.

We recommend that you upgrade your openssl1.0 packages.

For the detailed security status of openssl1.0 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openssl1.0

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service (daemon crash), or potentially the execution of arbitrary code.

Several issues have been found in unrar-free, an unarchiver for .rar files.

CVE-2017-14120

This CVE is related to a directory traversal vulnerability for RAR v2 archives.

CVE-2017-14121

This CVE is related to NULL pointer dereference flaw triggered by a specially crafted RAR archive.

CVE-2017-14122

This CVE is related to stack-based buffer over-read.

For Debian 9 stretch, these problems have been fixed in version 1:0.0.1+cvs20140707-1+deb9u1.

We recommend that you upgrade your unrar-free packages.

For the detailed security status of unrar-free please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/unrar-free

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash() were found, which could result in denial of service.

Additional details can be found in the upstream advisories https://www.openssl.org/news/secadv/20191206.txt and https://www.openssl.org/news/secadv/20210216.txt.

It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks, access sensitive information, or execute arbitrary code.

Joakim Hindersson discovered that Open vSwitch, a software-based Ethernet virtual switch, allowed a malicious user to cause a denial-of-service by sending a specially crafted packet.

Mechanize is an open source Ruby library that makes automated web interaction easy. In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability.

Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel#open method.

For Debian 9 stretch, this problem has been fixed in version 2.7.5-1+deb9u1.

We recommend that you upgrade your ruby-mechanize packages.

For the detailed security status of ruby-mechanize please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-mechanize

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several security vulnerabilities have been corrected in unbound, a validating, recursive, caching DNS resolver. Support for the unbound DNS server has been resumed, the sources can be found in the unbound1.9 source package.

CVE-2020-12662

Unbound has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVE-2020-12663

Unbound has an infinite loop via malformed DNS answers received from upstream servers.

CVE-2020-28935

Unbound contains a local vulnerability that would allow for a local symlink attack. When writing the PID file Unbound creates the file if it is not there, or opens an existing file for writing. In case the file was already present, it would follow symlinks if the file happened to be a symlink instead of a regular file. 

For Debian 9 stretch, these problems have been fixed in version 1.9.0-2+deb10u2~deb9u1.

We recommend that you upgrade your unbound1.9 packages.

For the detailed security status of unbound1.9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/unbound1.9

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

For Debian 9 stretch, this problem has been fixed in version 327-2+deb9u1.

We recommend that you upgrade your xterm packages.

For the detailed security status of xterm please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xterm

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Thomas Akesson discovered a remotely triggerable vulnerability in the mod_authz_svn module in Subversion, a version control system. When using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option an unauthenticated remote client can take advantage of this flaw to cause a denial of service by sending a request for a non-existing repository URL.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2020-27815

A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.

CVE-2020-27825

Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak.

CVE-2020-27830

Shisong Qin reported a NULL pointer dereference flaw in the Speakup screen reader core driver.

CVE-2020-28374

David Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.

CVE-2020-29568 (XSA-349)

Michael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.

CVE-2020-29569 (XSA-350)

Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.

CVE-2020-29660

Jann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.

CVE-2020-29661

Jann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.

CVE-2020-36158

A buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.

CVE-2021-3347

It was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

CVE-2021-20177

A flaw was discovered in the Linux implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) can take advantage of this flaw to cause a kernel panic when inserting iptables rules.

For Debian 9 stretch, these problems have been fixed in version 4.19.171-2~deb9u1.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Busybox, utility programs for small and embedded systems, was affected by several security vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues.

CVE-2011-5325

A path traversal vulnerability was found in Busybox implementation of tar. tar will extract a symlink that points outside of the current working directory and then follow that symlink when extracting other files. This allows for a directory traversal attack when extracting untrusted tarballs.

CVE-2013-1813

When device node or symlink in /dev should be created inside 2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate directories are created with incorrect permissions.

CVE-2014-4607

An integer overflow may occur when processing any variant of a 'literal run' in the lzo1x_decompress_safe function. Each of these three locations is subject to an integer overflow when processing zero bytes. This exposes the code that copies literals to memory corruption.

CVE-2014-9645

The add_probe function in modutils/modprobe.c in BusyBox allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an 'ifconfig /usbserial up' command or a 'mount -t /snd_pcm none /' command.

CVE-2016-2147

Integer overflow in the DHCP client (udhcpc) in BusyBox allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

CVE-2016-2148

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

CVE-2017-15873

The get_next_block function in archival/libarchive /decompress_bunzip2.c in BusyBox has an Integer Overflow that may lead to a write access violation.

CVE-2017-16544

In the add_match function in libbb/lineedit.c in BusyBox, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

CVE-2018-1000517

BusyBox contains a Buffer Overflow vulnerability in Busybox wget that can result in a heap-based buffer overflow. This attack appears to be exploitable via network connectivity.

CVE-2015-9621

Unziping a specially crafted zip file results in a computation of an invalid pointer and a crash reading an invalid address.

For Debian 9 stretch, these problems have been fixed in version 1:1.22.0-19+deb9u1.

We recommend that you upgrade your busybox packages.

For the detailed security status of busybox please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/busybox

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was an insecure temporary file issue that could have lead to disclosure of arbitrary local files.

For Debian 9 'Stretch', this problem has been fixed in version 1:4.1.7-2+deb9u3.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, a sandbox program to restrict the running environment of untrusted applications, which could result in root privilege escalation. This update disables OverlayFS support in firejail.

For Debian 9 stretch, this problem has been fixed in version 0.9.44.8-2+deb9u2.

We recommend that you upgrade your firejail packages.

For the detailed security status of firejail please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/firejail

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that zstd, a compression utility, temporarily exposed a world-readable version of its input even if the original file had restrictive permissions.

Two issues have been found in slirp, a SLIP/PPP emulator using a dial up shell account.

CVE-2020-7039

Due to mismanagement of memory, a heap-based buffer overflow or other out-of-bounds access might happen, which can lead to a DoS or potential execute arbitrary code.

CVE-2020-8608

Prevent a buffer overflow vulnerability due to incorrect usage of return values from snprintf.

For Debian 9 stretch, these problems have been fixed in version 1:1.0.17-8+deb9u1.

We recommend that you upgrade your slirp packages.

For the detailed security status of slirp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/slirp

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in the implementation of the Go programming language, which could result in denial of service and the P-224 curve implementation could generate incorrect outputs.

A remote information leak vulnerability and a remote buffer overflow vulnerability were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of arbitrary code.

For Debian 9 stretch, these problems have been fixed in version 1.33-3+deb9u2.

We recommend that you upgrade your connman packages.

For the detailed security status of connman please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/connman

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Claudio Bozzato of Cisco Talos discovered an exploitable integer overflow vulnerability in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

For Debian 9 stretch, these problems have been fixed in version 1.0.7-6+deb9u1.

We recommend that you upgrade your xcftools packages.

For the detailed security status of xcftools please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/xcftools

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Severity
146986	Debian DSA-4867-1 : grub2 - security update	high
146981	Debian DLA-2579-1 : spip security update	high
146974	Debian DLA-2580-1 : adminer security update	medium
146968	Debian DLA-2581-1 : wpa security update	high
146945	Debian DLA-2578-1 : thunderbird security update	medium
146942	Debian DSA-4866-1 : thunderbird - security update	medium
146926	Debian DSA-4863-1 : nodejs - security update	high
146922	Debian DSA-4865-1 : docker.io - security update	medium
146919	Debian DLA-2575-1 : firefox-esr security update	medium
146895	Debian DSA-4864-1 : python-aiohttp - security update	medium
146893	Debian DLA-2577-1 : python-pysaml2 security update	medium
146892	Debian DSA-4862-1 : firefox-esr - security update	medium
146887	Debian DLA-2576-1 : redis security update	high
146791	Debian DSA-4861-1 : screen - security update	high
146787	Debian DSA-4859-1 : libzstd - security update	high
146786	Debian DSA-4860-1 : openldap - security update	medium
146757	Debian DSA-4858-1 : chromium - security update	medium
146736	Debian DLA-2568-1 : bind9 security update	medium
146725	Debian DLA-2573-1 : libzstd security update	high
146700	Debian DLA-2564-1 : php-horde-text-filter security update	medium
146699	Debian DLA-2570-1 : screen security update	high
146677	Debian DLA-2571-1 : openvswitch security update	high
146667	Debian DLA-2574-1 : openldap security update	medium
146666	Debian DLA-2569-1 : python-django security update	medium
146665	Debian DLA-2572-1 : wpa security update	high
146617	Debian DSA-4854-1 : webkit2gtk - security update	high
146613	Debian DSA-4856-1 : php7.3 - security update	medium
146612	Debian DLA-2563-1 : openssl security update	high
146610	Debian DLA-2562-1 : mumble security update	medium
146609	Debian DLA-2560-1 : qemu security update	medium
146608	Debian DLA-2566-1 : libbsd security update	medium
146604	Debian DLA-2565-1 : openssl1.0 security update	high
146603	Debian DSA-4857-1 : bind9 - security update	medium
146602	Debian DLA-2567-1 : unrar-free security update	medium
146599	Debian DSA-4855-1 : openssl - security update	medium
146562	Debian DSA-4853-1 : spip - security update	high
146561	Debian DSA-4852-1 : openvswitch - security update	high
146555	Debian DLA-2561-1 : ruby-mechanize security update	high
146527	Debian DLA-2556-1 : unbound1.9 security update	medium
146521	Debian DLA-2558-1 : xterm security update	high
146514	Debian DSA-4851-1 : subversion - security update	high
146512	Debian DLA-2557-1 : linux-4.19 security update	high
146504	Debian DLA-2559-1 : busybox security update	high
146473	Debian DLA-2555-1 : netty security update	low
146466	Debian DLA-2554-1 : firejail security update	medium
146389	Debian DSA-4850-1 : libzstd - security update	high
146372	Debian DLA-2551-1 : slirp security update	medium
146371	Debian DSA-4848-1 : golang-1.11 - security update	medium
146361	Debian DLA-2552-1 : connman security update	medium
146360	Debian DLA-2553-1 : xcftools security update	medium

Debian Local Security Checks Family for Nessus

high

high

medium

high

medium

medium

high

medium

medium

medium

medium

medium

high

high

high

medium

medium

medium

high

medium

high

high

medium

medium

high

high

medium

high

medium

medium

medium

high

medium

medium

medium

high

high

high

medium

high

high

high

high

low

medium

high

medium

medium

medium

medium