Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights
Category Archives: Advisories
DSA-5077 librecad – security update
Multiple security issues were discovered in LibreCAD, an application for
computer aided design (CAD) which could result in denial of service or
the execution of arbitrary code if a malformed CAD file is opened.
DSA-5076 h2database – security update
Security researchers of JFrog Security and Ismail Aydemir discovered two remote
code execution vulnerabilities in the H2 Java SQL database engine which can be
exploited through various attack vectors, most notably through the H2 Console
and by loading custom classes from remote servers through JNDI. The H2 console
is a developer tool and not required by any reverse-dependency in Debian. It
has been disabled in (old)stable releases. Database developers are advised to
use at least version 2.1.210-1, currently available in Debian unstable.
DSA-5075 minetest – security update
Several vulnerabilities have been discovered in Minetest, a sandbox video game
and game creation system. These issues may allow attackers to manipulate game
mods and grant them an unfair advantage over other players. These flaws could
also be abused for a denial of service attack against a Minetest server or if
user input is passed directly to minetest.deserialize without serializing it
first, then a malicious user could run Lua code in the server environment.
DSA-5074 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
DSA-5073 expat – security update
Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.
DSA-5072 debian-edu-config – security update
Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann
discovered that debian-edu-config, a set of configuration files used for
the Debian Edu blend configured insecure permissions for the user web
shares (~/public_html), which could result in privilege escalation.
DSA-5071 samba – security update
Several vulnerabilities were discovered in Samba, a SMB/CIFS file,
print, and login server for Unix.
DSA-5070 cryptsetup – security update
Multiple Vulnerabilities in SAP Products Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in SAP products, the most severe of which (CVE-2022-22536) could allow for remote code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Applications configured to have fewer restrictions on the system could be less impacted than those who operate with elevated privileges.