It was discovered that insufficient sanitising of received network packets in the game server of Teeworlds, an online multi-player platform 2D shooter, could result in denial of service.

It was discovered that there was an issue around revealing passwords in the 'gnome-shell' component of the GNOME desktop.

In certain configurations, when logging out of an account the password box from the login dialog could reappear with the password visible in cleartext.

For Debian 9 'Stretch', this problem has been fixed in version 3.22.3-3+deb9u1.

We recommend that you upgrade your gnome-shell packages.

For the detailed security status of gnome-shell please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/gnome-shell

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The following security issues have been found in qemu, which could potentially result in DoS and execution of arbitrary code.

CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

CVE-2020-13253

An out-of-bounds read access issue was found in the SD Memory Card emulator of the QEMU. It occurs while performing block write commands via sdhci_write(), if a guest user has sent 'address' which is OOB of 's->wp_groups'. A guest user/process may use this flaw to crash the QEMU process resulting in DoS.

CVE-2020-14364

An out-of-bounds read/write access issue was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest, when 'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in do_token_{in,out} routines.

CVE-2020-16092

An assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c

For Debian 9 stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u11.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a denial of service attack in libproxy, a library to make applications HTTP proxy aware. A remote server could cause an infinite stack recursion.

For Debian 9 'Stretch', this problem has been fixed in version 0.4.14-2+deb9u1.

We recommend that you upgrade your libproxy packages.

For the detailed security status of libproxy please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libproxy

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities were discovered in Wordpress, a popular content management framework.

CVE-2019-17670

WordPress has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

CVE-2020-4047

Authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them.

CVE-2020-4048

Due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked.

CVE-2020-4049

When uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page.

CVE-2020-4050

Misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users.

Additionally, this upload ensures latest comments can only be viewed from public posts, and fixes back the user activation procedure.

For Debian 9 stretch, these problems have been fixed in version 4.7.18+dfsg-1+deb9u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a directory traversal attack in pip, the Python package installer.

When an URL was given in an install command, as a Content-Disposition header was permitted to have '../' components in their filename, arbitrary local files (eg. /root/.ssh/authorized_keys) could be overidden.

For Debian 9 'Stretch', this problem has been fixed in version 9.0.1-2+deb9u2.

We recommend that you upgrade your python-pip packages.

For the detailed security status of python-pip please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/python-pip

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several security vulnerabilities were corrected in libxml2, the GNOME XML library.

CVE-2017-8872

Global buffer-overflow in the htmlParseTryOrFinish function.

CVE-2017-18258

The xz_head function in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
Applications processing untrusted XSL format inputs may be vulnerable to a denial of service attack.

CVE-2018-14567

If the option --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file.

CVE-2019-19956

The xmlParseBalancedChunkMemoryRecover function has a memory leak related to newDoc->oldNs.

CVE-2019-20388

A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service.

CVE-2020-7595

Infinite loop in xmlStringLenDecodeEntities can cause a denial of service.

CVE-2020-24977

Out-of-bounds read restricted to xmllint --htmlout.

For Debian 9 stretch, these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u3.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libxml2

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a arbitrary code execution vulnerability in grunt, a JavaScript task runner. This was possible due to the unsafe loading of YAML documents.

For Debian 9 'Stretch', this problem has been fixed in version 1.0.1-5+deb9u1.

We recommend that you upgrade your grunt packages.

For the detailed security status of grunt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grunt

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default.

It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled can take advantage of this flaw to cause a denial of service affecting authenticated and encrypted clients.

Multiple security issues were discovered in QEMU, a fast processor emulator :

  - CVE-2020-12829     An integer overflow in the sm501 display device may     result in denial of service.

  - CVE-2020-14364     An out-of-bounds write in the USB emulation code may     result in guest-to-host code execution.

  - CVE-2020-15863     A buffer overflow in the XGMAC network device may result     in denial of service or the execution of arbitrary code.

  - CVE-2020-16092     A triggerable assert in the e1000e and vmxnet3 devices     may result in denial of service.

Fabian Vogt reported that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory.

Several vulnerabilities have been discovered in the X.Org X server.
Missing input sanitising in X server extensions may result in local privilege escalation if the X server is configured to run with root privileges. In addition an ASLR bypass was fixed.

lemonldap-ng community fixed a vulnerability in the Nginx default configuration files (CVE-2020-24660). Debian package does not install any default site, but documentation provided insecure examples in Nginx configuration before this version. If you use lemonldap-ng handler with Nginx, you should verify your configuration files.

For Debian 9 stretch, this problem has been fixed in version 1.9.7-3+deb9u4.

We recommend that you upgrade your lemonldap-ng packages.

For the detailed security status of lemonldap-ng please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530 870107 872609 875338 875339 875341 873871 873131 875352 878506 875503 875502 876105 876099 878546 878545 877354 877355 878524 878547 878548 878555 878554 878548 878555 878554 878579 885942 886584 928206 941670 931447 932079

Several security vulnerabilities were found in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.

For Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u10.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in netty-3.9, a Java NIO client/server socket framework.

CVE-2019-16869

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a 'Transfer-Encoding : chunked' line), which leads to HTTP request smuggling.

CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an 'invalid fold.'

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

For Debian 9 stretch, these problems have been fixed in version 3.9.9.Final-1+deb9u1.

We recommend that you upgrade your netty-3.9 packages.

For the detailed security status of netty-3.9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/netty-3.9

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in netty, a Java NIO client/server socket framework.

CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an 'invalid fold.'

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CVE-2020-7238

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

For Debian 9 stretch, these problems have been fixed in version 1:4.1.7-2+deb9u2.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

For Debian 9 stretch, this problem has been fixed in version 0.8.4-1+deb9u1.

We recommend that you upgrade your asyncpg packages.

For the detailed security status of asyncpg please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/asyncpg

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Apache HTTP Server versions before 2.4.32 uses src:uwsgi where a flaw was discovered. The uwsgi protocol does not let us serialize more than 16K of HTTP header leading to resource exhaustion and denial of service.

For Debian 9 stretch, this problem has been fixed in version 2.0.14+20161117-3+deb9u3.

We recommend that you upgrade your uwsgi packages.

For the detailed security status of uwsgi please refer to its security tracker page at: https://security-tracker.debian.org/tracker/uwsgi

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Jayden Rivers found an integer overflow in the init_om function of libX11, the X11 client-side library, which could lead to a double free.

For Debian 9 stretch, this problem has been fixed in version 2:1.6.4-3+deb9u3.

We recommend that you upgrade your libx11 packages.

For the detailed security status of libx11 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libx11

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been found in the Apache HTTPD server.

  - CVE-2020-1927     Fabrice Perez reported that certain mod_rewrite     configurations are prone to an open redirect.

  - CVE-2020-1934     Chamal De Silva discovered that the mod_proxy_ftp module     uses uninitialized memory when proxying to a malicious     FTP backend.

  - CVE-2020-9490     Felix Wilhelm discovered that a specially crafted value     for the 'Cache-Digest' header in a HTTP/2 request could     cause a crash when the server actually tries to HTTP/2     PUSH a resource afterwards.

  - CVE-2020-11984     Felix Wilhelm reported a buffer overflow flaw in the     mod_proxy_uwsgi module which could result in information     disclosure or potentially remote code execution.

  - CVE-2020-11993     Felix Wilhelm reported that when trace/debug was enabled     for the HTTP/2 module certain traffic edge patterns can     cause logging statements on the wrong connection,     causing concurrent use of memory pools.

Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions.

For Debian 9 stretch, these problems have been fixed in version 1:68.12.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Faidon Liambotis discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code.

Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.

Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions.

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.

Several issues have been found in xorg-server, the X server from xorg.
Basically all issues are out-of-bounds access or integer underflows in different request handlers. One CVE is about a leak of uninitialize heap memory to clients.

For Debian 9 stretch, these problems have been fixed in version 2:1.19.2-1+deb9u6.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.

For Debian 9 stretch, these problems have been fixed in version 2.2.0-11+deb9u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openexr

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Use of unsafe yaml load was fixed in ros-actionlib, the Robot OS actionlib library.

For Debian 9 stretch, this problem has been fixed in version 1.11.7-1+deb9u1.

We recommend that you upgrade your ros-actionlib packages.

For the detailed security status of ros-actionlib please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ros-actionlib

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilites have been reported against FreeRDP, an Open Source server and client implementation of the Microsoft RDP protocol.

CVE-2014-0791

An integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

CVE-2020-11042

In FreeRDP there was an out-of-bounds read in update_read_icon_info.
It allowed reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This could have been used to crash the client or store information for later retrieval.

CVE-2020-11045

In FreeRDP there was an out-of-bound read in in update_read_bitmap_data that allowed client memory to be read to an image buffer. The result displayed on screen as colour.

CVE-2020-11046

In FreeRDP there was a stream out-of-bounds seek in update_read_synchronize that could have lead to a later out-of-bounds read.

CVE-2020-11048

In FreeRDP there was an out-of-bounds read. It only allowed to abort a session. No data extraction was possible.

CVE-2020-11058

In FreeRDP, a stream out-of-bounds seek in rdp_read_font_capability_set could have lead to a later out-of-bounds read. As a result, a manipulated client or server might have forced a disconnect due to an invalid data read.

CVE-2020-11521

libfreerdp/codec/planar.c in FreeRDP had an Out-of-bounds Write.

CVE-2020-11522

libfreerdp/gdi/gdi.c in FreeRDP had an Out-of-bounds Read.

CVE-2020-11523

libfreerdp/gdi/region.c in FreeRDP had an Integer Overflow.

CVE-2020-11525

libfreerdp/cache/bitmap.c in FreeRDP had an Out of bounds read.

CVE-2020-11526

libfreerdp/core/update.c in FreeRDP had an Out-of-bounds Read.

CVE-2020-13396

An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

CVE-2020-13397

An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

CVE-2020-13398

An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

For Debian 9 stretch, these problems have been fixed in version 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4.

We recommend that you upgrade your freerdp packages.

For the detailed security status of freerdp please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/freerdp

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Two issues have been found in bind9, an Internet Domain Name Server.

CVE-2020-8622

Crafted responses to TSIG-signed requests could lead to an assertion failure, causing the server to exit. This could be done by malicious server operators or guessing attackers.

CVE-2020-8623

An assertions failure, causing the server to exit, can be exploited by a query for an RSA signed zone.

For Debian 9 stretch, these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u7.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An issue has been found in ndpi, an extensible deep packet inspection library. The Oracle protocol dissector contains an heap-based buffer over-read, which could crash the application that uses this library and may result in denial of service.

For Debian 9 stretch, this problem has been fixed in version 1.8-1+deb9u1.

We recommend that you upgrade your ndpi packages.

For the detailed security status of ndpi please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ndpi

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An issue has been found in bacula, a network backup service. By sending oversized digest strings a malicious client can cause a heap overflow in the director's memory which results in a denial of service.

For Debian 9 stretch, this problem has been fixed in version 7.4.4+dfsg-6+deb9u2.

We recommend that you upgrade your bacula packages.

For the detailed security status of bacula please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/bacula

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The File Manager (gollem) module in Horde Groupware has allowed remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponded to the exact filename.

For Debian 9 stretch, this problem has been fixed in version 3.0.10-1+deb9u2.

We recommend that you upgrade your php-horde-gollem packages.

For the detailed security status of php-horde-gollem please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-gollem

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

In Horde Groupware, there has been an XSS vulnerability that could be exploited via the URL field in a 'Calendar -> New Event' action.

For Debian 9 stretch, this problem has been fixed in version 4.2.19-1+deb9u2.

We recommend that you upgrade your php-horde-kronolith packages.

For the detailed security status of php-horde-kronolith please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-kronolith

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

In Horde Groupware, there has been an XSS via the Name field during creation of a new Resource. This could have been leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

For Debian 9 stretch, this problem has been fixed in version 4.2.19-1+deb9u1.

We recommend that you upgrade your php-horde-kronolith packages.

For the detailed security status of php-horde-kronolith please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-kronolith

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action.

For Debian 9 stretch, this problem has been fixed in version 5.2.13+debian0-1+deb9u3.

We recommend that you upgrade your php-horde packages.

For the detailed security status of php-horde please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action.

For Debian 9 stretch, this problem has been fixed in version 2.27.6+debian1-2+deb9u1.

We recommend that you upgrade your php-horde-core packages.

For the detailed security status of php-horde-core please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-core

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several minor vulnerabilities have been discovered in libvncserver, a server and client implementation of the VNC protocol.

CVE-2019-20839

libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename.

CVE-2020-14397

libvncserver/rfbregion.c has a NULL pointer dereference.

CVE-2020-14399

Byte-aligned data was accessed through uint32_t pointers in libvncclient/rfbproto.c.

NOTE: This issue has been disputed by third parties; there is reportedly 'no trust boundary crossed'.

CVE-2020-14400

Byte-aligned data was accessed through uint16_t pointers in libvncserver/translate.c.

NOTE: This issue has been disputed by third parties. There is no known path of exploitation or cross of a trust boundary.

CVE-2020-14401

libvncserver/scale.c had a pixel_value integer overflow.

CVE-2020-14402

libvncserver/corre.c allowed out-of-bounds access via encodings.

CVE-2020-14403

libvncserver/hextile.c allowed out-of-bounds access via encodings.

CVE-2020-14404

libvncserver/rre.c allowed out-of-bounds access via encodings.

CVE-2020-14405

libvncclient/rfbproto.c did not limit TextChat size.

For Debian 9 stretch, these problems have been fixed in version 0.9.11+dfsg-1.3~deb9u5.

We recommend that you upgrade your libvncserver packages.

For the detailed security status of libvncserver please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libvncserver

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in BIND, a DNS server implementation.

  - CVE-2020-8619     It was discovered that an asterisk character in an empty     non terminal can cause an assertion failure, resulting     in denial of service.

  - CVE-2020-8622     Dave Feldman, Jeff Warren, and Joel Cunningham reported     that a truncated TSIG response can lead to an assertion     failure, resulting in denial of service.

  - CVE-2020-8623     Lyu Chiy reported that a flaw in the native PKCS#11 code     can lead to a remotely triggerable assertion failure,     resulting in denial of service.

  - CVE-2020-8624     Joop Boonen reported that update-policy rules of type     'subdomain' are enforced incorrectly, allowing updates     to all parts of the zone along with the intended     subdomain.

Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling (leading to cache poisoning) and denial of service when processing crafted cache digest responses messages.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.

For Debian 9 stretch, these problems have been fixed in version 68.12.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.

It was discovered that there was a use-after-free vulnerability when parsing PHAR files, a method of putting entire PHP applications into a single file.

For Debian 9 'Stretch', this problem has been fixed in version 7.0.33-0+deb9u9.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.

A denial of service vulnerability was discovered in mongodb, an object/document-oriented database, whereby a user authorized to perform database queries may issue specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.

For Debian 9 stretch, this problem has been fixed in version 1:3.2.11-2+deb9u2.

We recommend that you upgrade your mongodb packages.

For the detailed security status of mongodb please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/mongodb

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.

For Debian 9 stretch, this problem has been fixed in version 2.4.1-1+deb9u1.

We recommend that you upgrade your icingaweb2 packages.

For the detailed security status of icingaweb2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/icingaweb2

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor.

CVE-2017-7525

Jackson Deserializer security vulnerability.

CVE-2017-15095

Block more JDK types from polymorphic deserialization.

CVE-2019-10172

XML external entity vulnerabilities.

For Debian 9 stretch, these problems have been fixed in version 1.9.2-8+deb9u1.

We recommend that you upgrade your libjackson-json-java packages.

For the detailed security status of libjackson-json-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libjackson-json-java

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Severity
140607	Debian DSA-4763-1 : teeworlds - security update	High
140606	Debian DLA-2374-1 : gnome-shell security update	Low
140541	Debian DLA-2373-1 : qemu security update	Medium
140540	Debian DLA-2372-1 : libproxy security update	Medium
140539	Debian DLA-2371-1 : wordpress security update	High
140538	Debian DLA-2370-1 : python-pip security update	Medium
140469	Debian DLA-2369-1 : libxml2 security update	High
140468	Debian DLA-2368-1 : grunt security update	Medium
140303	Debian DSA-4762-1 : lemonldap-ng - security update	High
140302	Debian DSA-4761-1 : zeromq3 - security update	Medium
140301	Debian DSA-4760-1 : qemu - security update	High
140300	Debian DSA-4759-1 : ark - security update	Medium
140299	Debian DSA-4758-1 : xorg-server - security update	Medium
140298	Debian DLA-2367-1 : lemonldap-ng security update	High
140297	Debian DLA-2366-1 : imagemagick security update	High
140296	Debian DLA-2365-1 : netty-3.9 security update	Medium
140295	Debian DLA-2364-1 : netty security update	High
140225	Debian DLA-2363-1 : asyncpg security update	High
140224	Debian DLA-2362-1 : uwsgi security update	High
140134	Debian DLA-2361-1 : libx11 security update	High
140104	Debian DSA-4757-1 : apache2 - security update	High
140103	Debian DLA-2360-1 : thunderbird security update	High
140062	Debian DSA-4756-1 : lilypond - security update	High
140061	Debian DSA-4755-1 : openexr - security update	Medium
140060	Debian DSA-4754-1 : thunderbird - security update	High
140059	Debian DSA-4753-1 : mupdf - security update	Medium
140058	Debian DLA-2359-1 : xorg-server security update	Medium
140057	Debian DLA-2358-1 : openexr security update	Medium
140056	Debian DLA-2357-1 : ros-actionlib security update	Medium
140055	Debian DLA-2356-1 : freerdp security update	Medium
140054	Debian DLA-2355-1 : bind9 security update	Medium
140053	Debian DLA-2354-1 : ndpi security update	Medium
140052	Debian DLA-2353-1 : bacula security update	Medium
140051	Debian DLA-2352-1 : php-horde-gollem security update	Medium
140050	Debian DLA-2351-1 : php-horde-kronolith security update	Low
140049	Debian DLA-2350-1 : php-horde-kronolith security update	Low
140048	Debian DLA-2349-1 : php-horde security update	Low
140047	Debian DLA-2348-1 : php-horde-core security update	Low
140046	Debian DLA-2347-1 : libvncserver security update	Medium
139930	Debian DSA-4752-1 : bind9 - security update	Medium
139929	Debian DSA-4751-1 : squid - security update	Medium
139928	Debian DLA-2346-1 : firefox-esr security update	High
139878	Debian DSA-4750-1 : nginx - security update	Medium
139877	Debian DSA-4749-1 : firefox-esr - security update	High
139876	Debian DLA-2345-1 : php7.0 security update	Medium
139812	Debian DSA-4748-1 : ghostscript - security update	Medium
139777	Debian DSA-4747-1 : icingaweb2 - security update	Medium
139776	Debian DLA-2344-1 : mongodb security update	Medium
139775	Debian DLA-2343-1 : icingaweb2 security update	Medium
139774	Debian DLA-2342-1 : libjackson-json-java security update	High

Debian Local Security Checks Family for Nessus