It was discovered that the Title blacklist functionality in MediaWiki, a website engine for collaborative work, could be bypassed.
More info:
https://www.debian.org/security/2019/dsa-4592
It was found that freeimage, a graphics library, was affected by the following two security issues:
More info:
https://www.debian.org/security/2019/dsa-4593
Guido Vranken discovered an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.
More info:
https://www.debian.org/security/2019/dsa-4594
It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.
More info:
https://www.debian.org/security/2019/dsa-4595
Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.
More info:
https://www.debian.org/security/2019/dsa-4596