Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and PHP injection attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash.
More info:
https://www.debian.org/security/2019/dsa-4401
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.
More info:
https://www.debian.org/security/2019/dsa-4400
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record() function.
More info:
https://www.debian.org/security/2019/dsa-4398
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, an LDAP-like embedded database, resulting in denial of service.
More info:
https://www.debian.org/security/2019/dsa-4397
Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service.
More info:
https://www.debian.org/security/2019/dsa-4399