Security researchers from JFrog Security and Ismail Aydemir discovered two remote
code execution vulnerabilities in the H2 Java SQL database engine which can be
exploited through various attack vectors, most notably through the H2 Console
and by loading custom classes from remote servers through JNDI. The H2 Console
is a developer tool and not required by any reverse-dependency in Debian. It
has been disabled in (old)stable releases. Database developers are advised to
use at least version 2.1.210-1, currently available in Debian unstable.