Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
Category Archives: Advisories
DSA-5073 expat – security update
Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.
DSA-5072 debian-edu-config – security update
Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann
discovered that debian-edu-config, a set of configuration files used for
the Debian Edu blend configured insecure permissions for the user web
shares (~/public_html), which could result in privilege escalation.
DSA-5071 samba – security update
Several vulnerabilities were discovered in Samba, a SMB/CIFS file,
print, and login server for Unix.
DSA-5070 cryptsetup – security update
Multiple Vulnerabilities in SAP Products Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in SAP products, the most severe of which (CVE-2022-22536) could allow for remote code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Applications configured to have fewer restrictions on the system could be less impacted than those who operate with elevated privileges.
Multiple Vulnerabilities in Mozilla Firefox and Firefox Extended Support Release (ESR) Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
DSA-5069 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure or spoofing.
[R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities
Out of caution and in line with best practice, Tenable has opted to upgrade the Expat component to address the potential impact of the issue. Nessus 10.1.1 and Nessus 8.15.3 update Expat to version 2.4.4 to address the identified vulnerability.
Multiple Vulnerabilities in Adobe Products could allow for Arbitrary Code Execution.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for Arbitrary Code Execution.
Premiere Rush is a video editor.
Illustrator is a vector graphics editor and design program.
Photoshop is a graphics editor.
Adobe After Effects is a digital visual effects, motion graphics, and compositing application.
Creative Cloud is a cloud service provided by Adobe where its software can be accessed all in one place.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.