Quote: |
From [email protected] Sat Aug 22 02:32:03 2020
Return-Path: <[email protected]> X-Original-To: root Delivered-To: [email protected] Received: by localhost.lan (Postfix, from userid 1) id xxxxxxxxxx; Sat, 22 Aug 2020 02:32:03 +0200 (CEST) Subject: Debian security status of odroidxu4 To: [email protected] Message-Id: <[email protected]> Date: Sat, 22 Aug 2020 02:32:03 +0200 (CEST) From: daemon <[email protected]> Security report based on general data If you specify a proper suite, this report will include information regarding available security updates and obsolete packages. To set the correct suite, run "dpkg-reconfigure debsecan" as root. *** New vulnerabilities CVE-2020-8231 <https://security-tracker.debian.org/tracker/CVE-2020-8231> - curl, libcurl3-gnutls, libcurl4 *** Vulnerabilities CVE-2012-1096 NetworkManager 0.9 and earlier allows local users to... <https://security-tracker.debian.org/tracker/CVE-2012-1096> - libnm0, network-manager (low urgency) CVE-2013-7445 The Direct Rendering Manager (DRM) subsystem in the... <https://security-tracker.debian.org/tracker/CVE-2013-7445> - linux-libc-dev CVE-2016-10228 The iconv program in the GNU C Library (aka glibc or... <https://security-tracker.debian.org/tracker/CVE-2016-10228> - libc-bin, libc-dev-bin, libc-l10n, libc6, libc6-dev, locales (low urgency) CVE-2016-1585 In all versions of AppArmor mount rules are... <https://security-tracker.debian.org/tracker/CVE-2016-1585> - libapparmor1 (low urgency) CVE-2016-2568 pkexec, when used with --user nonpriv, allows local... <https://security-tracker.debian.org/tracker/CVE-2016-2568> - libpolkit-agent-1-0, libpolkit-backend-1-0, libpolkit-gobject-1-0, policykit-1 (low urgency) CVE-2016-2781 chroot in GNU coreutils, when used with --userspec,... <https://security-tracker.debian.org/tracker/CVE-2016-2781> - coreutils (low urgency) CVE-2016-9318 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23... 
<https://security-tracker.debian.org/tracker/CVE-2016-9318> - libxml2 CVE-2017-0630 An information disclosure vulnerability in the kernel... <https://security-tracker.debian.org/tracker/CVE-2017-0630> - linux-libc-dev CVE-2017-16932 parser.c in libxml2 before 2.9.5 does not prevent... <https://security-tracker.debian.org/tracker/CVE-2017-16932> - libxml2 CVE-2017-18258 The xz_head function in xzlib.c in libxml2 before... <https://security-tracker.debian.org/tracker/CVE-2017-18258> - libxml2 (low urgency) CVE-2017-6363 ** DISPUTED ** In the GD Graphics Library (aka LibGD)... <https://security-tracker.debian.org/tracker/CVE-2017-6363> - libgd3 CVE-2017-7189 main/streams/xp_socket.c in PHP 7.x before 2017-03-07... <https://security-tracker.debian.org/tracker/CVE-2017-7189> - php7.3, php7.3-bcmath, php7.3-bz2, php7.3-cli, php7.3-common, php7.3-curl, php7.3-fpm, php7.3-gd, php7.3-gmp, php7.3-intl, php7.3-json, php7.3-ldap, php7.3-mbstring, php7.3-mysql, php7.3-opcache, php7.3-readline, php7.3-xml, php7.3-zip CVE-2017-7272 PHP through 7.1.11 enables potential SSRF in... <https://security-tracker.debian.org/tracker/CVE-2017-7272> - php7.3, php7.3-bcmath, php7.3-bz2, php7.3-cli, php7.3-common, php7.3-curl, php7.3-fpm, php7.3-gd, php7.3-gmp, php7.3-intl, php7.3-json, php7.3-ldap, php7.3-mbstring, php7.3-mysql, php7.3-opcache, php7.3-readline, php7.3-xml, php7.3-zip CVE-2018-10910 A bug in Bluez may allow for the Bluetooth... <https://security-tracker.debian.org/tracker/CVE-2018-10910> - libbluetooth3 (low urgency) CVE-2018-1152 libjpeg-turbo 1.5.90 is vulnerable to a denial of... <https://security-tracker.debian.org/tracker/CVE-2018-1152> - libjpeg62-turbo (low urgency) CVE-2018-12886 stack_protect_prologue in cfgexpand.c and... 
<https://security-tracker.debian.org/tracker/CVE-2018-12886> - cpp-8, g++-8, gcc-8, gcc-8-base, libasan5, libatomic1, libcc1-0, libgcc-8-dev, libgcc1, libgomp1, libstdc++-8-dev, libstdc++6, libubsan1 CVE-2018-12928 In the Linux kernel 4.15.0, a NULL pointer... <https://security-tracker.debian.org/tracker/CVE-2018-12928> - linux-libc-dev (low urgency) CVE-2018-14404 A NULL pointer dereference vulnerability exists in... <https://security-tracker.debian.org/tracker/CVE-2018-14404> - libxml2 (low urgency) CVE-2018-14498 get_8bit_row in rdbmp.c in libjpeg-turbo through... <https://security-tracker.debian.org/tracker/CVE-2018-14498> - libjpeg62-turbo (low urgency) CVE-2018-14553 gdImageClone in gd.c in libgd 2.1.0-rc2 through... <https://security-tracker.debian.org/tracker/CVE-2018-14553> - libgd3 (low urgency) CVE-2018-14567 libxml2 2.9.8, if --with-lzma is used, allows remote... <https://security-tracker.debian.org/tracker/CVE-2018-14567> - libxml2 CVE-2018-15919 Remotely observable behaviour in auth-gss2.c in... <https://security-tracker.debian.org/tracker/CVE-2018-15919> - openssh-client, openssh-server, openssh-sftp-server (low urgency) CVE-2018-16384 A SQL injection bypass (aka PL1 bypass) exists in... <https://security-tracker.debian.org/tracker/CVE-2018-16384> - modsecurity-crs (low urgency) CVE-2018-17977 The Linux kernel 4.14.67 mishandles certain... <https://security-tracker.debian.org/tracker/CVE-2018-17977> - linux-libc-dev CVE-2018-18653 The Linux kernel, as used in Ubuntu 18.10 and when... <https://security-tracker.debian.org/tracker/CVE-2018-18653> - linux-libc-dev CVE-2018-3693 Systems with microprocessors utilizing speculative... <https://security-tracker.debian.org/tracker/CVE-2018-3693> - linux-libc-dev CVE-2018-7169 An issue was discovered in shadow 4.5. newgidmap (in... <https://security-tracker.debian.org/tracker/CVE-2018-7169> - login, passwd (low urgency) CVE-2018-7577 Memcpy parameter overlap in Google Snappy library... 
<https://security-tracker.debian.org/tracker/CVE-2018-7577> - libsnappy1v5 CVE-2019-10218 A flaw was found in the samba client, all samba... <https://security-tracker.debian.org/tracker/CVE-2019-10218> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2019-11236 In the urllib3 library through 1.24.1 for Python,... <https://security-tracker.debian.org/tracker/CVE-2019-11236> - python3-urllib3 CVE-2019-12290 GNU libidn2 before 2.2.0 fails to perform the... <https://security-tracker.debian.org/tracker/CVE-2019-12290> - libidn2-0 CVE-2019-12881 i915_gem_userptr_get_pages in... <https://security-tracker.debian.org/tracker/CVE-2019-12881> - linux-libc-dev CVE-2019-13103 A crafted self-referential DOS partition table will... <https://security-tracker.debian.org/tracker/CVE-2019-13103> - u-boot-tools (low urgency) CVE-2019-13104 In Das U-Boot versions 2016.11-rc1 through... <https://security-tracker.debian.org/tracker/CVE-2019-13104> - u-boot-tools (low urgency) CVE-2019-13105 Das U-Boot versions 2019.07-rc1 through 2019.07-rc4... <https://security-tracker.debian.org/tracker/CVE-2019-13105> - u-boot-tools (low urgency) CVE-2019-13106 Das U-Boot versions 2016.09 through 2019.07-rc4 can... <https://security-tracker.debian.org/tracker/CVE-2019-13106> - u-boot-tools (low urgency) CVE-2019-13115 In libssh2 before 1.9.0,... <https://security-tracker.debian.org/tracker/CVE-2019-13115> - libssh2-1 CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c in... <https://security-tracker.debian.org/tracker/CVE-2019-13224> - libonig5 (low urgency) CVE-2019-13225 A NULL Pointer Dereference in match_at() in... <https://security-tracker.debian.org/tracker/CVE-2019-13225> - libonig5 (low urgency) CVE-2019-13627 It was discovered that there was a ECDSA timing... <https://security-tracker.debian.org/tracker/CVE-2019-13627> - libgcrypt20 CVE-2019-14192 An issue was discovered in Das U-Boot through... 
<https://security-tracker.debian.org/tracker/CVE-2019-14192> - u-boot-tools CVE-2019-14193 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14193> - u-boot-tools CVE-2019-14194 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14194> - u-boot-tools CVE-2019-14195 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14195> - u-boot-tools CVE-2019-14196 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14196> - u-boot-tools CVE-2019-14197 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14197> - u-boot-tools CVE-2019-14198 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14198> - u-boot-tools CVE-2019-14199 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14199> - u-boot-tools CVE-2019-14200 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14200> - u-boot-tools CVE-2019-14201 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14201> - u-boot-tools CVE-2019-14202 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14202> - u-boot-tools CVE-2019-14203 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14203> - u-boot-tools CVE-2019-14204 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14204> - u-boot-tools CVE-2019-14833 A flaw was found in Samba, all versions starting... <https://security-tracker.debian.org/tracker/CVE-2019-14833> |
Dysnome wrote: |
Can you give us the output of:
lsb_release -a |
Code: |
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster |
Dysnome wrote: |
Can you give us the output of:
uname -a |
Code: |
Linux odroidxu4 4.14.187-odroidxu4 #1 SMP PREEMPT Thu Jul 2 14:12:08 UTC 2020 armv7l GNU/Linux |
Dysnome wrote: |
And if you run "sudo apt update && sudo apt upgrade && sudo apt dist-upgrade", what does it offer you? |
Code: |
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://deb.debian.org/debian buster-updates InRelease
Hit:4 http://deb.debian.org/debian buster-backports InRelease
Hit:5 http://security.debian.org/debian-security buster/updates InRelease
Hit:6 https://uk.mirrors.fossho.st/armbian/apt buster InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
6 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  armbian-config armbian-firmware linux-buster-root-legacy-odroidxu4 linux-dtb-legacy-odroidxu4 linux-image-legacy-odroidxu4 linux-u-boot-odroidxu4-legacy
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 24.7 MB of archives.
After this operation, 158 kB disk space will be freed.
Do you want to continue? [Y/n] y
Get:2 https://uk.mirrors.fossho.st/armbian/apt buster/main armhf armbian-firmware all 20.08 [6674 kB]
Get:1 https://mirrors.netix.net/armbian/apt buster/main armhf armbian-config all 20.08 [43.6 kB]
Get:4 https://mirrors.dotsrc.org/armbian-apt buster/main armhf linux-dtb-legacy-odroidxu4 armhf 20.08 [80.4 kB]
Get:5 https://mirrors.netix.net/armbian/apt buster/main armhf linux-image-legacy-odroidxu4 armhf 20.08 [17.2 MB]
Get:6 https://us.mirrors.fossho.st/armbian/apt buster/main armhf linux-u-boot-odroidxu4-legacy armhf 20.08 [268 kB]
Get:3 https://armbian.systemonachip.net/apt buster/main armhf linux-buster-root-legacy-odroidxu4 armhf 20.08 [413 kB]
Fetched 24.7 MB in 4s (6299 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = "en_US.UTF-8",
    LC_ALL = "",
    LC_MESSAGES = "en_US.UTF-8",
    LANG = (unset)
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
(Reading database ... 42389 files and directories currently installed.)
Preparing to unpack .../0-armbian-config_20.08_all.deb ...
Unpacking armbian-config (20.08) over (20.05.10) ...
Preparing to unpack .../1-armbian-firmware_20.08_all.deb ...
Unpacking armbian-firmware (20.08) over (20.05.7) ...
Preparing to unpack .../2-linux-buster-root-legacy-odroidxu4_20.08_armhf.deb ...
Unpacking linux-buster-root-legacy-odroidxu4 (20.08) over (20.05.7) ...
Preparing to unpack .../3-linux-dtb-legacy-odroidxu4_20.08_armhf.deb ...
Unpacking linux-dtb-legacy-odroidxu4 (20.08) over (20.05.7) ...
Preparing to unpack .../4-linux-image-legacy-odroidxu4_20.08_armhf.deb ...
update-initramfs: Deleting /boot/initrd.img-4.14.187-odroidxu4
Removing obsolete file uInitrd-4.14.187-odroidxu4
Unpacking linux-image-legacy-odroidxu4 (20.08) over (20.05.7) ...
Preparing to unpack .../5-linux-u-boot-odroidxu4-legacy_20.08_armhf.deb ...
Unpacking linux-u-boot-odroidxu4-legacy (20.08) over (20.05.7) ...
Setting up linux-u-boot-odroidxu4-legacy (20.08) ...
Setting up linux-dtb-legacy-odroidxu4 (20.08) ...
Setting up armbian-config (20.08) ...
Setting up linux-buster-root-legacy-odroidxu4 (20.08) ...
Setting up linux-image-legacy-odroidxu4 (20.08) ...
update-initramfs: Generating /boot/initrd.img-4.14.191-odroidxu4
update-initramfs: Converting to u-boot format
Setting up armbian-firmware (20.08) ...
Processing triggers for initramfs-tools (0.133+deb10u1) ...
update-initramfs: Generating /boot/initrd.img-4.14.191-odroidxu4
update-initramfs: Converting to u-boot format
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. |
Dysnome wrote: |
That's really surprising, because you do indeed seem to be up to date. You may have to wait until the 5.4.y kernel is considered stable, patch, and see whether Nextcloud is happy.
If you want, try installing Nextcloud with the 5.4.y kernel and see what happens. Either way, you don't have much choice but to wait. Edit: If you have the means, run a scan with Nessus or OpenVAS to confirm that the CVEs are really active on your system. That's still quite a lot of them for a recent OS. |
Dysnome wrote: |
Rereading the email, I'm not convinced that it's a listing of the CVEs not fixed on your system. Debian 10 is fairly recent and shouldn't contain vulnerabilities from 2018.
That said, I'm not saying that it was Nextcloud that sent the email. There isn't much information about that. In Nextcloud, run the utility to check the security of your setup. And at the OS level, run Nessus or OpenVAS from any host on your network (it can be in a container, in a VM, etc.). In any case, get a free license, you won't need more than that. Once your OS is scanned, you'll see what's vulnerable. Bad luck with the timing, I haven't yet released a video explaining how to do all this :) |
OMGimag33k wrote: |
Hello,
Your list of vulnerabilities looks like a debsecan report: https://wiki.debian.org/DebianSecurity/debsecan Debsecan is only appropriate on Debian; on another distribution it will report false positives, so the scan result is not relevant. Otherwise, Nextcloud can be installed on just about any server with the web installer: https://nextcloud.com/install/#instructions-server |
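To triage a report like the one quoted in this thread, the following added example (not written by any poster here) parses the debsecan mail layout into structured findings and counts them per package and urgency. The sample text is a constructed excerpt built from entries visible in the quoted mail, and all function and field names are illustrative.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt: a handful of entries copied from the mail quoted in
# the thread, laid out one field per line.
SAMPLE_REPORT = """\
Security report based on general data

*** New vulnerabilities

CVE-2020-8231
  <https://security-tracker.debian.org/tracker/CVE-2020-8231>
  - curl, libcurl3-gnutls, libcurl4

*** Vulnerabilities

CVE-2012-1096 NetworkManager 0.9 and earlier allows local users to...
  <https://security-tracker.debian.org/tracker/CVE-2012-1096>
  - libnm0, network-manager (low urgency)

CVE-2013-7445 The Direct Rendering Manager (DRM) subsystem in the...
  <https://security-tracker.debian.org/tracker/CVE-2013-7445>
  - linux-libc-dev

CVE-2019-13103 A crafted self-referential DOS partition table will...
  <https://security-tracker.debian.org/tracker/CVE-2019-13103>
  - u-boot-tools (low urgency)

CVE-2019-14192 An issue was discovered in Das U-Boot through...
  <https://security-tracker.debian.org/tracker/CVE-2019-14192>
  - u-boot-tools
"""

# Header line the quoted mail prints when no suite has been configured.
NO_SUITE_MARKER = "Security report based on general data"

# Only the two section headings that appear in the quoted mail are handled.
SECTION_RE = re.compile(r"\*\*\*\s+(New vulnerabilities|Vulnerabilities)\b")

# One entry: CVE id, optional truncated description, tracker URL for the
# same id, then "- pkg, pkg, ..." with an optional "(low urgency)" suffix.
# Whitespace is matched loosely so flattened (single-line) mails parse too.
ENTRY_RE = re.compile(
    r"(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<desc>.*?)\s*"
    r"<https://security-tracker\.debian\.org/tracker/(?P=cve)>\s*"
    r"-\s+(?P<pkgs>[a-z0-9][a-z0-9+.\-]*(?:,\s*[a-z0-9][a-z0-9+.\-]*)*)"
    r"(?P<low>\s*\(low urgency\))?",
    re.DOTALL,
)


@dataclass(frozen=True)
class Finding:
    cve: str
    description: str
    packages: tuple
    low_urgency: bool
    section: str


def parse_report(text):
    """Return one Finding per CVE entry in a debsecan report mail."""
    sections = [(m.start(), m.group(1)) for m in SECTION_RE.finditer(text)]
    findings = []
    for m in ENTRY_RE.finditer(text):
        section = "unknown"
        for pos, name in sections:  # last heading that precedes the entry
            if pos < m.start():
                section = name
        findings.append(Finding(
            cve=m.group("cve"),
            description=m.group("desc").strip(),
            packages=tuple(p.strip() for p in m.group("pkgs").split(",")),
            low_urgency=m.group("low") is not None,
            section=section,
        ))
    return findings


def triage(text):
    """Summarise a report: totals, new CVEs, urgency and per-package counts."""
    findings = parse_report(text)
    per_package = Counter(p for f in findings for p in f.packages)
    return {
        # True means no suite was set, so the mail says nothing about fixes.
        "general_data_only": NO_SUITE_MARKER in text,
        "total": len(findings),
        "new": [f.cve for f in findings if f.section == "New vulnerabilities"],
        "low_urgency": sum(f.low_urgency for f in findings),
        "per_package": per_package.most_common(),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

A report headed "Security report based on general data" has no suite configured, so, as the mail itself states, it carries no information about available security updates until `dpkg-reconfigure debsecan` has been run as root.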
Code: |
From [email protected] Sun Aug 23 18:42:03 2020
Return-Path: <[email protected]> X-Original-To: root Delivered-To: [email protected] Received: by localhost.lan (Postfix, from userid 1) id xxxxxxxxxx; Sun, 23 Aug 2020 18:42:03 +0200 (CEST) Subject: Debian security status of odroidxu4 To: [email protected] Message-Id: <[email protected]> Date: Sun, 23 Aug 2020 18:42:03 +0200 (CEST) From: daemon <[email protected]> Security report based on general data If you specify a proper suite, this report will include information regarding available security updates and obsolete packages. To set the correct suite, run "dpkg-reconfigure debsecan" as root. *** New vulnerabilities CVE-2012-1096 NetworkManager 0.9 and earlier allows local users to... <https://security-tracker.debian.org/tracker/CVE-2012-1096> - libnm0, network-manager (low urgency) CVE-2013-7445 The Direct Rendering Manager (DRM) subsystem in the... <https://security-tracker.debian.org/tracker/CVE-2013-7445> - linux-libc-dev CVE-2016-10228 The iconv program in the GNU C Library (aka glibc or... <https://security-tracker.debian.org/tracker/CVE-2016-10228> - libc-bin, libc-dev-bin, libc-l10n, libc6, libc6-dev, locales (low urgency) CVE-2016-1585 In all versions of AppArmor mount rules are... <https://security-tracker.debian.org/tracker/CVE-2016-1585> - libapparmor1 (low urgency) CVE-2016-2568 pkexec, when used with --user nonpriv, allows local... <https://security-tracker.debian.org/tracker/CVE-2016-2568> - libpolkit-agent-1-0, libpolkit-backend-1-0, libpolkit-gobject-1-0, policykit-1 (low urgency) CVE-2016-2781 chroot in GNU coreutils, when used with --userspec,... <https://security-tracker.debian.org/tracker/CVE-2016-2781> - coreutils (low urgency) CVE-2016-9318 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23... <https://security-tracker.debian.org/tracker/CVE-2016-9318> - libxml2 CVE-2017-0630 An information disclosure vulnerability in the kernel... 
<https://security-tracker.debian.org/tracker/CVE-2017-0630> - linux-libc-dev CVE-2017-16932 parser.c in libxml2 before 2.9.5 does not prevent... <https://security-tracker.debian.org/tracker/CVE-2017-16932> - libxml2 CVE-2017-18258 The xz_head function in xzlib.c in libxml2 before... <https://security-tracker.debian.org/tracker/CVE-2017-18258> - libxml2 (low urgency) CVE-2017-6363 ** DISPUTED ** In the GD Graphics Library (aka LibGD)... <https://security-tracker.debian.org/tracker/CVE-2017-6363> - libgd3 CVE-2017-7189 main/streams/xp_socket.c in PHP 7.x before 2017-03-07... <https://security-tracker.debian.org/tracker/CVE-2017-7189> - php7.3, php7.3-bz2, php7.3-cli, php7.3-common, php7.3-curl, php7.3-fpm, php7.3-gd, php7.3-gmp, php7.3-intl, php7.3-json, php7.3-ldap, php7.3-mbstring, php7.3-mysql, php7.3-opcache, php7.3-readline, php7.3-xml, php7.3-zip CVE-2017-7272 PHP through 7.1.11 enables potential SSRF in... <https://security-tracker.debian.org/tracker/CVE-2017-7272> - php7.3, php7.3-bz2, php7.3-cli, php7.3-common, php7.3-curl, php7.3-fpm, php7.3-gd, php7.3-gmp, php7.3-intl, php7.3-json, php7.3-ldap, php7.3-mbstring, php7.3-mysql, php7.3-opcache, php7.3-readline, php7.3-xml, php7.3-zip CVE-2018-10910 A bug in Bluez may allow for the Bluetooth... <https://security-tracker.debian.org/tracker/CVE-2018-10910> - libbluetooth3 (low urgency) CVE-2018-1152 libjpeg-turbo 1.5.90 is vulnerable to a denial of... <https://security-tracker.debian.org/tracker/CVE-2018-1152> - libjpeg62-turbo (low urgency) CVE-2018-12886 stack_protect_prologue in cfgexpand.c and... <https://security-tracker.debian.org/tracker/CVE-2018-12886> - cpp-8, g++-8, gcc-8, gcc-8-base, libasan5, libatomic1, libcc1-0, libgcc-8-dev, libgcc1, libgomp1, libstdc++-8-dev, libstdc++6, libubsan1 CVE-2018-12928 In the Linux kernel 4.15.0, a NULL pointer... 
<https://security-tracker.debian.org/tracker/CVE-2018-12928> - linux-libc-dev (low urgency) CVE-2018-14404 A NULL pointer dereference vulnerability exists in... <https://security-tracker.debian.org/tracker/CVE-2018-14404> - libxml2 (low urgency) CVE-2018-14498 get_8bit_row in rdbmp.c in libjpeg-turbo through... <https://security-tracker.debian.org/tracker/CVE-2018-14498> - libjpeg62-turbo (low urgency) CVE-2018-14553 gdImageClone in gd.c in libgd 2.1.0-rc2 through... <https://security-tracker.debian.org/tracker/CVE-2018-14553> - libgd3 (low urgency) CVE-2018-14567 libxml2 2.9.8, if --with-lzma is used, allows remote... <https://security-tracker.debian.org/tracker/CVE-2018-14567> - libxml2 CVE-2018-15919 Remotely observable behaviour in auth-gss2.c in... <https://security-tracker.debian.org/tracker/CVE-2018-15919> - openssh-client, openssh-server, openssh-sftp-server (low urgency) CVE-2018-16384 A SQL injection bypass (aka PL1 bypass) exists in... <https://security-tracker.debian.org/tracker/CVE-2018-16384> - modsecurity-crs (low urgency) CVE-2018-17977 The Linux kernel 4.14.67 mishandles certain... <https://security-tracker.debian.org/tracker/CVE-2018-17977> - linux-libc-dev CVE-2018-18653 The Linux kernel, as used in Ubuntu 18.10 and when... <https://security-tracker.debian.org/tracker/CVE-2018-18653> - linux-libc-dev CVE-2018-3693 Systems with microprocessors utilizing speculative... <https://security-tracker.debian.org/tracker/CVE-2018-3693> - linux-libc-dev CVE-2018-7169 An issue was discovered in shadow 4.5. newgidmap (in... <https://security-tracker.debian.org/tracker/CVE-2018-7169> - login, passwd (low urgency) CVE-2018-7577 Memcpy parameter overlap in Google Snappy library... <https://security-tracker.debian.org/tracker/CVE-2018-7577> - libsnappy1v5 CVE-2019-10218 A flaw was found in the samba client, all samba... 
<https://security-tracker.debian.org/tracker/CVE-2019-10218> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2019-11236 In the urllib3 library through 1.24.1 for Python,... <https://security-tracker.debian.org/tracker/CVE-2019-11236> - python3-urllib3 CVE-2019-12290 GNU libidn2 before 2.2.0 fails to perform the... <https://security-tracker.debian.org/tracker/CVE-2019-12290> - libidn2-0 CVE-2019-12881 i915_gem_userptr_get_pages in... <https://security-tracker.debian.org/tracker/CVE-2019-12881> - linux-libc-dev CVE-2019-13103 A crafted self-referential DOS partition table will... <https://security-tracker.debian.org/tracker/CVE-2019-13103> - u-boot-tools (low urgency) CVE-2019-13104 In Das U-Boot versions 2016.11-rc1 through... <https://security-tracker.debian.org/tracker/CVE-2019-13104> - u-boot-tools (low urgency) CVE-2019-13105 Das U-Boot versions 2019.07-rc1 through 2019.07-rc4... <https://security-tracker.debian.org/tracker/CVE-2019-13105> - u-boot-tools (low urgency) CVE-2019-13106 Das U-Boot versions 2016.09 through 2019.07-rc4 can... <https://security-tracker.debian.org/tracker/CVE-2019-13106> - u-boot-tools (low urgency) CVE-2019-13115 In libssh2 before 1.9.0,... <https://security-tracker.debian.org/tracker/CVE-2019-13115> - libssh2-1 CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c in... <https://security-tracker.debian.org/tracker/CVE-2019-13224> - libonig5 (low urgency) CVE-2019-13225 A NULL Pointer Dereference in match_at() in... <https://security-tracker.debian.org/tracker/CVE-2019-13225> - libonig5 (low urgency) CVE-2019-13627 It was discovered that there was a ECDSA timing... <https://security-tracker.debian.org/tracker/CVE-2019-13627> - libgcrypt20 CVE-2019-14192 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14192> - u-boot-tools CVE-2019-14193 An issue was discovered in Das U-Boot through... 
<https://security-tracker.debian.org/tracker/CVE-2019-14193> - u-boot-tools CVE-2019-14194 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14194> - u-boot-tools CVE-2019-14195 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14195> - u-boot-tools CVE-2019-14196 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14196> - u-boot-tools CVE-2019-14197 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14197> - u-boot-tools CVE-2019-14198 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14198> - u-boot-tools CVE-2019-14199 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14199> - u-boot-tools CVE-2019-14200 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14200> - u-boot-tools CVE-2019-14201 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14201> - u-boot-tools CVE-2019-14202 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14202> - u-boot-tools CVE-2019-14203 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14203> - u-boot-tools CVE-2019-14204 An issue was discovered in Das U-Boot through... <https://security-tracker.debian.org/tracker/CVE-2019-14204> - u-boot-tools CVE-2019-14833 A flaw was found in Samba, all versions starting... <https://security-tracker.debian.org/tracker/CVE-2019-14833> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2019-14834 A vulnerability was found in dnsmasq before version... 
<https://security-tracker.debian.org/tracker/CVE-2019-14834> - dnsmasq, dnsmasq-base CVE-2019-14847 A flaw was found in samba 4.0.0 before samba 4.9.15... <https://security-tracker.debian.org/tracker/CVE-2019-14847> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2019-14855 A flaw was found in the way certificate signatures... <https://security-tracker.debian.org/tracker/CVE-2019-14855> - dirmngr, gnupg, gnupg-l10n, gnupg-utils, gpg, gpg-agent, gpg-wks-client, gpg-wks-server, gpgconf, gpgsm, gpgv (low urgency) CVE-2019-14861 All Samba versions 4.x.x before 4.9.17, 4.10.x... <https://security-tracker.debian.org/tracker/CVE-2019-14861> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2019-14866 In all versions of cpio before 2.13 does not... <https://security-tracker.debian.org/tracker/CVE-2019-14866> - cpio (low urgency) CVE-2019-14870 All Samba versions 4.x.x before 4.9.17, 4.10.x... <https://security-tracker.debian.org/tracker/CVE-2019-14870> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2019-14902 There is an issue in all samba 4.11.x versions... <https://security-tracker.debian.org/tracker/CVE-2019-14902> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2019-14907 All samba versions 4.9.x before 4.9.18, 4.10.x... <https://security-tracker.debian.org/tracker/CVE-2019-14907> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2019-1551 There is an overflow bug in the x64_64 Montgomery... <https://security-tracker.debian.org/tracker/CVE-2019-1551> - libssl1.1, openssl (low urgency) CVE-2019-15847 The POWER9 backend in GNU Compiler Collection (GCC)... 
<https://security-tracker.debian.org/tracker/CVE-2019-15847> - cpp-8, g++-8, gcc-8, gcc-8-base, libasan5, libatomic1, libcc1-0, libgcc-8-dev, libgcc1, libgomp1, libstdc++-8-dev, libstdc++6, libubsan1 CVE-2019-16163 Oniguruma before 6.9.3 allows Stack Exhaustion in... <https://security-tracker.debian.org/tracker/CVE-2019-16163> - libonig5 (low urgency) CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in... <https://security-tracker.debian.org/tracker/CVE-2019-16168> - libsqlite3-0 CVE-2019-17041 An issue was discovered in Rsyslog v8.1908.0.... <https://security-tracker.debian.org/tracker/CVE-2019-17041> - rsyslog CVE-2019-17042 An issue was discovered in Rsyslog v8.1908.0.... <https://security-tracker.debian.org/tracker/CVE-2019-17042> - rsyslog CVE-2019-17498 In libssh2 v1.9.0 and earlier versions, the... <https://security-tracker.debian.org/tracker/CVE-2019-17498> - libssh2-1 (low urgency) CVE-2019-17543 LZ4 before 1.9.2 has a heap-based buffer overflow in... <https://security-tracker.debian.org/tracker/CVE-2019-17543> - liblz4-1 (low urgency) CVE-2019-19012 An integer overflow in the search_in_range function... <https://security-tracker.debian.org/tracker/CVE-2019-19012> - libonig5 (low urgency) CVE-2019-19039 ** DISPUTED ** __btrfs_free_extent in... <https://security-tracker.debian.org/tracker/CVE-2019-19039> - linux-libc-dev CVE-2019-19073 Memory leaks in... <https://security-tracker.debian.org/tracker/CVE-2019-19073> - linux-libc-dev CVE-2019-19074 A memory leak in the ath9k_wmi_cmd() function in... <https://security-tracker.debian.org/tracker/CVE-2019-19074> - linux-libc-dev CVE-2019-19203 An issue was discovered in Oniguruma 6.x before... <https://security-tracker.debian.org/tracker/CVE-2019-19203> - libonig5 (low urgency) CVE-2019-19204 An issue was discovered in Oniguruma 6.x before... <https://security-tracker.debian.org/tracker/CVE-2019-19204> - libonig5 (low urgency) CVE-2019-19246 Oniguruma through 6.9.3, as used in PHP 7.3.x and... 
<https://security-tracker.debian.org/tracker/CVE-2019-19246> - libonig5 (low urgency) CVE-2019-19318 In the Linux kernel 5.3.11, mounting a crafted btrfs... <https://security-tracker.debian.org/tracker/CVE-2019-19318> - linux-libc-dev CVE-2019-19377 In the Linux kernel 5.0.21, mounting a crafted btrfs... <https://security-tracker.debian.org/tracker/CVE-2019-19377> - linux-libc-dev CVE-2019-19378 In the Linux kernel 5.0.21, mounting a crafted btrfs... <https://security-tracker.debian.org/tracker/CVE-2019-19378> - linux-libc-dev CVE-2019-19448 In the Linux kernel 5.0.21 and 5.3.11, mounting a... <https://security-tracker.debian.org/tracker/CVE-2019-19448> - linux-libc-dev CVE-2019-19449 In the Linux kernel 5.0.21, mounting a crafted f2fs... <https://security-tracker.debian.org/tracker/CVE-2019-19449> - linux-libc-dev CVE-2019-19770 ** DISPUTED ** In the Linux kernel 4.19.83, there is... <https://security-tracker.debian.org/tracker/CVE-2019-19770> - linux-libc-dev CVE-2019-19813 In the Linux kernel 5.0.21, mounting a crafted btrfs... <https://security-tracker.debian.org/tracker/CVE-2019-19813> - linux-libc-dev CVE-2019-19814 In the Linux kernel 5.0.21, mounting a crafted f2fs... <https://security-tracker.debian.org/tracker/CVE-2019-19814> - linux-libc-dev CVE-2019-19815 In the Linux kernel 5.0.21, mounting a crafted f2fs... <https://security-tracker.debian.org/tracker/CVE-2019-19815> - linux-libc-dev CVE-2019-19816 In the Linux kernel 5.0.21, mounting a crafted btrfs... <https://security-tracker.debian.org/tracker/CVE-2019-19816> - linux-libc-dev CVE-2019-19956 xmlParseBalancedChunkMemoryRecover in parser.c in... <https://security-tracker.debian.org/tracker/CVE-2019-19956> - libxml2 CVE-2019-20218 selectExpander in select.c in SQLite 3.30.1 proceeds... <https://security-tracker.debian.org/tracker/CVE-2019-20218> - libsqlite3-0 CVE-2019-20367 nlist.c in libbsd before 0.10.0 has an out-of-bounds... 
<https://security-tracker.debian.org/tracker/CVE-2019-20367> - libbsd0 CVE-2019-20388 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10... <https://security-tracker.debian.org/tracker/CVE-2019-20388> - libxml2 CVE-2019-20454 An out-of-bounds read was discovered in PCRE before... <https://security-tracker.debian.org/tracker/CVE-2019-20454> - libpcre2-8-0 CVE-2019-20794 An issue was discovered in the Linux kernel 4.18... <https://security-tracker.debian.org/tracker/CVE-2019-20794> - linux-libc-dev CVE-2019-20907 In Lib/tarfile.py in Python through 3.8.3, an... <https://security-tracker.debian.org/tracker/CVE-2019-20907> - libpython2.7, libpython2.7-minimal, libpython2.7-stdlib, python2.7, python2.7-minimal (low urgency) CVE-2019-2201 In generate_jsimd_ycc_rgb_convert_neon of... <https://security-tracker.debian.org/tracker/CVE-2019-2201> - libjpeg62-turbo (low urgency) CVE-2019-3874 The SCTP socket buffer used by a userspace... <https://security-tracker.debian.org/tracker/CVE-2019-3874> - linux-libc-dev CVE-2019-6988 An issue was discovered in OpenJPEG 2.3.0. It allows... <https://security-tracker.debian.org/tracker/CVE-2019-6988> - libopenjp2-7 (low urgency) CVE-2020-10029 The GNU C Library (aka glibc or libc6) before 2.32... <https://security-tracker.debian.org/tracker/CVE-2020-10029> - libc-bin, libc-dev-bin, libc-l10n, libc6, libc6-dev, locales CVE-2020-10251 In ImageMagick 7.0.9, an out-of-bounds read... <https://security-tracker.debian.org/tracker/CVE-2020-10251> - imagemagick-6-common, libmagickcore-6.q16-6, libmagickwand-6.q16-6 (low urgency) CVE-2020-10648 Das U-Boot through 2020.01 allows attackers to... <https://security-tracker.debian.org/tracker/CVE-2020-10648> - u-boot-tools CVE-2020-10704 A flaw was found when using samba as an Active... <https://security-tracker.debian.org/tracker/CVE-2020-10704> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2020-10730 A NULL pointer dereference, or possible... 
<https://security-tracker.debian.org/tracker/CVE-2020-10730> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2020-10745 A flaw was found in all Samba versions before... <https://security-tracker.debian.org/tracker/CVE-2020-10745> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2020-10760 A use-after-free flaw was found in all samba LDAP... <https://security-tracker.debian.org/tracker/CVE-2020-10760> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2020-11655 SQLite through 3.31.1 allows attackers to cause a... <https://security-tracker.debian.org/tracker/CVE-2020-11655> - libsqlite3-0 CVE-2020-11725 ** DISPUTED ** snd_ctl_elem_add in... <https://security-tracker.debian.org/tracker/CVE-2020-11725> - linux-libc-dev CVE-2020-11984 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi... <https://security-tracker.debian.org/tracker/CVE-2020-11984> - apache2, apache2-bin, apache2-data, apache2-utils CVE-2020-11993 Apache HTTP Server versions 2.4.20 to 2.4.43 When... <https://security-tracker.debian.org/tracker/CVE-2020-11993> - apache2, apache2-bin, apache2-data, apache2-utils CVE-2020-12695 The Open Connectivity Foundation UPnP specification... <https://security-tracker.debian.org/tracker/CVE-2020-12695> - hostapd, wpasupplicant CVE-2020-12888 The VFIO PCI driver in the Linux kernel through... <https://security-tracker.debian.org/tracker/CVE-2020-12888> - linux-libc-dev CVE-2020-13434 SQLite through 3.32.0 has an integer overflow in... <https://security-tracker.debian.org/tracker/CVE-2020-13434> - libsqlite3-0 CVE-2020-13790 libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a... <https://security-tracker.debian.org/tracker/CVE-2020-13790> - libjpeg62-turbo CVE-2020-14155 libpcre in PCRE before 8.44 allows an integer... 
<https://security-tracker.debian.org/tracker/CVE-2020-14155> - libpcre3 CVE-2020-14303 A flaw was found in the AD DC NBT server in all... <https://security-tracker.debian.org/tracker/CVE-2020-14303> - libsmbclient, libwbclient0, python-samba, samba, samba-common, samba-common-bin, samba-libs CVE-2020-14304 ethtool when reading eeprom of device could lead to... <https://security-tracker.debian.org/tracker/CVE-2020-14304> - linux-libc-dev CVE-2020-14314 buffer uses out of index in ext3/4 filesystem <https://security-tracker.debian.org/tracker/CVE-2020-14314> - linux-libc-dev CVE-2020-14344 An integer overflow leading to a heap-buffer... <https://security-tracker.debian.org/tracker/CVE-2020-14344> - libx11-6, libx11-data CVE-2020-14356 A flaw null pointer dereference in the Linux kernel... <https://security-tracker.debian.org/tracker/CVE-2020-14356> - linux-libc-dev CVE-2020-14367 Insecure writing to PID file <https://security-tracker.debian.org/tracker/CVE-2020-14367> - chrony CVE-2020-15389 jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a... <https://security-tracker.debian.org/tracker/CVE-2020-15389> - libopenjp2-7 CVE-2020-15709 <https://security-tracker.debian.org/tracker/CVE-2020-15709> - python3-software-properties, software-properties-common CVE-2020-15780 An issue was discovered in... <https://security-tracker.debian.org/tracker/CVE-2020-15780> - linux-libc-dev CVE-2020-15888 Lua through 5.4.0 mishandles the interaction between... <https://security-tracker.debian.org/tracker/CVE-2020-15888> - liblua5.1-0, liblua5.2-0 CVE-2020-15889 Lua through 5.4.0 has a getobjname heap-based buffer... <https://security-tracker.debian.org/tracker/CVE-2020-15889> - liblua5.1-0, liblua5.2-0 CVE-2020-15945 Lua through 5.4.0 has a segmentation fault in... <https://security-tracker.debian.org/tracker/CVE-2020-15945> - liblua5.1-0, liblua5.2-0 CVE-2020-16166 The Linux kernel through 5.7.11 allows remote... 
<https://security-tracker.debian.org/tracker/CVE-2020-16166> - linux-libc-dev CVE-2020-1751 An out-of-bounds write vulnerability was found in... <https://security-tracker.debian.org/tracker/CVE-2020-1751> - libc-bin, libc-dev-bin, libc-l10n, libc6, libc6-dev, locales CVE-2020-1752 A use-after-free vulnerability introduced in glibc... <https://security-tracker.debian.org/tracker/CVE-2020-1752> - libc-bin, libc-dev-bin, libc-l10n, libc6, libc6-dev, locales CVE-2020-1927 In Apache HTTP Server 2.4.0 to 2.4.41, redirects... <https://security-tracker.debian.org/tracker/CVE-2020-1927> - apache2, apache2-bin, apache2-data, apache2-utils (low urgency) CVE-2020-1934 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp... <https://security-tracker.debian.org/tracker/CVE-2020-1934> - apache2, apache2-bin, apache2-data, apache2-utils (low urgency) CVE-2020-3909 A buffer overflow was addressed with improved bounds... <https://security-tracker.debian.org/tracker/CVE-2020-3909> - libxml2 CVE-2020-3910 A buffer overflow was addressed with improved size... <https://security-tracker.debian.org/tracker/CVE-2020-3910> - libxml2 CVE-2020-6096 An exploitable signed comparison vulnerability exists... <https://security-tracker.debian.org/tracker/CVE-2020-6096> - libc-bin, libc-dev-bin, libc-l10n, libc6, libc6-dev, locales (low urgency) CVE-2020-6851 OpenJPEG through 2.3.1 has a heap-based buffer... <https://security-tracker.debian.org/tracker/CVE-2020-6851> - libopenjp2-7 CVE-2020-7068 <https://security-tracker.debian.org/tracker/CVE-2020-7068> - php7.3, php7.3-bz2, php7.3-cli, php7.3-common, php7.3-curl, php7.3-fpm, php7.3-gd, php7.3-gmp, php7.3-intl, php7.3-json, php7.3-ldap, php7.3-mbstring, php7.3-mysql, php7.3-opcache, php7.3-readline, php7.3-xml, php7.3-zip CVE-2020-7105 async.c and dict.c in libhiredis.a in hiredis through... <https://security-tracker.debian.org/tracker/CVE-2020-7105> - libhiredis0.14 CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2... 
<https://security-tracker.debian.org/tracker/CVE-2020-7595> - libxml2 CVE-2020-8112 opj_t1_clbl_decode_processor in openjp2/t1.c in... <https://security-tracker.debian.org/tracker/CVE-2020-8112> - libopenjp2-7 CVE-2020-8177 <https://security-tracker.debian.org/tracker/CVE-2020-8177> - curl, libcurl3-gnutls, libcurl4 CVE-2020-8231 <https://security-tracker.debian.org/tracker/CVE-2020-8231> - curl, libcurl3-gnutls, libcurl4 CVE-2020-8432 In Das U-Boot through 2020.01, a double free has been... <https://security-tracker.debian.org/tracker/CVE-2020-8432> - u-boot-tools (low urgency) CVE-2020-8492 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6... <https://security-tracker.debian.org/tracker/CVE-2020-8492> - libpython2.7, libpython2.7-minimal, libpython2.7-stdlib, python2.7, python2.7-minimal CVE-2020-8622 In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5,... <https://security-tracker.debian.org/tracker/CVE-2020-8622> - bind9-host, dnsutils, libbind9-161, libdns-export1104, libdns1104, libirs161, libisc-export1100, libisc1100, libisccc161, libisccfg163, liblwres161 CVE-2020-8623 In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5,... <https://security-tracker.debian.org/tracker/CVE-2020-8623> - bind9-host, dnsutils, libbind9-161, libdns-export1104, libdns1104, libirs161, libisc-export1100, libisc1100, libisccc161, libisccfg163, liblwres161 CVE-2020-8624 In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8,... <https://security-tracker.debian.org/tracker/CVE-2020-8624> - bind9-host, dnsutils, libbind9-161, libdns-export1104, libdns1104, libirs161, libisc-export1100, libisc1100, libisccc161, libisccfg163, liblwres161 CVE-2020-9490 Apache HTTP Server versions 2.4.20 to 2.4.43. A... <https://security-tracker.debian.org/tracker/CVE-2020-9490> - apache2, apache2-bin, apache2-data, apache2-utils CVE-2020-9794 An out-of-bounds read was addressed with improved... <https://security-tracker.debian.org/tracker/CVE-2020-9794> - libsqlite3-0 |
dobi13 wrote: |
Watch out if your neighbor ever looks like this guy:
you're in deep crap... |