It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.
A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue. For reference, the relevant part of the original advisory text follows. It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a ...
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attribute length is invalid. A configured BGP peer can take advantage of this bug to read memory from the ...
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service.
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.
Dariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server.
Zhaoyang Wu discovered that cURL, an URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32bit systems. See https://curl.haxx.se/docs/CVE-2018-14618.html for more information.