NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX





Debian Planet

Debian Security Notices

  • DSA-3982 perl - security update
    Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:


  • DSA-3981 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.


  • DSA-3980 apache2 - security update
    Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.


  • DSA-3979 pyjwt - security update
    It was discovered that PyJWT, a Python implementation of JSON Web Token, performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch.


  • DSA-3978 gdk-pixbuf - security update
    Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened.


  • DSA-3977 newsbeuter - security update
    It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure (the podcast file), allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbeuter.


  • DSA-3976 freexl - security update
    Marcin Icewall Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.


  • DSA-3975 emacs25 - security update
    Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).




  • DSA-3972 bluez - security update
    An information disclosure vulnerability was discovered in the Service Discovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to obtain sensitive information from bluetoothd process memory, including Bluetooth encryption keys.


  • DSA-3971 tcpdump - security update
    Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.


  • DSA-3970 emacs24 - security update
    Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).




  • DSA-3967 mbedtls - security update
    An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as optional. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.



  • DSA-3965 file - security update
    Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.


  • DSA-3964 asterisk - security update
    Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.




  • DSA-3961 libgd2 - security update
    A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.


  • DSA-3960 gnupg - security update
    Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024.


  • DSA-3959 libgcrypt20 - security update
    Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key.


  • DSA-3958 fontforge - security update
    It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code.


  • DSA-3957 ffmpeg - security update
    Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to denial of service and, in some situations, the execution of arbitrary code.


  • DSA-3956 connman - security update
    Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in some cases, remotely execute arbitrary commands on the host running the service.


  • DSA-3955 mariadb-10.1 - security update
    Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.26. Please see the MariaDB 10.1 Release Notes for further details:


  • DSA-3954 openjdk-7 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, incorrect authentication, the execution of arbitrary code, denial of service, information disclosure, use of insecure cryptography or bypassing Jar verification.


  • DSA-3953 aodh - security update
    Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows an authenticated user without a Keystone token, but with knowledge of trust IDs, to perform unspecified authenticated actions by adding alarm actions.


  • DSA-3952 libxml2 - security update
    Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, information leaks, or potentially, the execution of arbitrary code with the privileges of the user running the application.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM