USN-6858-1: eSpeak NG vulnerabilities

Read Time:14 Second

It was discovered that eSpeak NG did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause a denial
of service, or execute arbitrary code. (CVE-2023-49990, CVE-2023-49991,
CVE-2023-49992, CVE-2023-49993, CVE-2023-49994)

Read More

DSA-5724-1 openssh – security update

Read Time:33 Second

The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an
implementation of the SSH protocol suite, is prone to a signal handler
race condition. If a client does not authenticate within LoginGraceTime
seconds (120 by default), then sshd’s SIGALRM handler is called
asynchronously and calls various functions that are not
async-signal-safe. A remote unauthenticated attacker can take advantage
of this flaw to execute arbitrary code with root privileges. This flaw
affects sshd in its default configuration.

Details can be found in the Qualys advisory at
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

https://security-tracker.debian.org/tracker/DSA-5724-1

Read More