Debian Security

Debian Security Advisories

DSA-4898 wpa – security update

22 April 2021, 12:00 am

Several vulnerabilities have been discovered in wpa_supplicant and
hostapd.

It was discovered that the PEAR Archive_Tar package for handling tar
files in PHP is prone to a directory traversal flaw due to inadequate
checking of symbolic links.

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure, privilege escalation or spoofing.

Jan-Niklas Sohn discovered that missing input sanitising in the XInput
extension of the X.org X server may result in privilege escalation if
the X server is running privileged.

It was reported that python-bleach, a whitelist-based HTML-sanitizing
library, is prone to a mutation XSS vulnerability in bleach.clean when
svg or math are in the allowed tags, p or br are in allowed
tags, style, title, noscript, script, textarea, noframes,
iframe, or xmp are in allowed tags and strip_comments=False is
set.

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine,
which could result in information disclosure or denial of service.

Stan Hu discovered that kramdown, a pure Ruby Markdown parser and
converter, performed insufficient namespace validation of Rouge syntax
highlighting formatters.

DSA-4888 xen – security update

10 April 2021, 12:00 am

Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, privilege escalation or memory
disclosure.

Multiple security issues were found in MediaWiki, a website engine for
collaborative work, which could result in incomplete page/blocking
protection, denial of service or cross-site scripting.

A use-after-free was discovered in Lib3MF, a C++ implementation of the
3D Manufacturing Format, which could result in the execution of
arbitrary code if a malformed file is opened.

Several vulnerabilities have been discovered in the chromium web browser.

Multiple security issues were discovered in Netty, a Java NIO
client/server framework, which could result in HTTP request smuggling,
denial of service or information disclosure.

Multiple vulnerabilities have been discovered in ldb, an LDAP-like
embedded database built on top of TDB.

Multiple vulnerabilities have been discovered in openjpeg2, the
open-source JPEG 2000 codec, which could result in denial of service or
the execution of arbitrary code when opening a malformed image.

It was discovered that missing input sanitising in the template()
function of the Underscore JavaScript library could result in the
execution of arbitrary code.

Multiple vulnerabilities were discovered in cURL, a URL transfer library:

Kevin Chung discovered that lxml, a Python binding for the libxml2 and
libxslt libraries, did not properly sanitize its input. This would
allow a malicious user to mount a cross-site scripting attack.

The following vulnerabilities have been discovered in the webkit2gtk
web engine:

Ben Caller discovered that Pygments, a syntax highlighting package
written in Python 3, used regular expressions which could result in
denial of service.

Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam
filter using text analysis. Malicious rule configuration files, possibly
downloaded from an updates server, could execute arbitrary commands
under multiple scenarios.

A NULL pointer dereference was found in the signature_algorithms
processing in OpenSSL, a Secure Sockets Layer toolkit, which could
result in denial of service.

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code or information disclosure.

Multiple security issues have been found in the Mozilla Firefox
web browser, which could potentially result in the execution
of arbitrary code, information disclosure or spoofing attacks.

Jianjun Chen discovered that the Squid proxy caching server was
susceptible to HTTP request smuggling.