1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
<< Mandriva | Distributions | Gentoo >>
Debian Security Notices
- DSA-4449 ffmpeg - security update
Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed.
- DSA-4446 lemonldap-ng - security update
It was discovered that the Lemonldap::NG web SSO system performedinsufficient validation of session tokens if the tokenUseGlobalStorageoption is enabled, which could grant users with access to the mainsession database access to an anonymous session.
- DSA-4445 drupal7 - security update
It was discovered that incomplete validation in a Phar processinglibrary embedded in Drupal, a fully-featured content managementframework, could result in information disclosure.
- DSA-4444 linux - security update
Multiple researchers have discovered vulnerabilities in the way theIntel processor designs have implemented speculative forwarding of datafilled into temporary microarchitectural structures (buffers). Thisflaw could allow an attacker controlling an unprivileged process toread sensitive information, including from the kernel and all otherprocesses running on the system or cross guest/host boundaries to readhost memory.
- DSA-4443 samba - security update
Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberosextension used in Samba's Active Directory support was susceptible toman-in-the-middle attacks caused by incomplete checksum validation.
- DSA-4442 ghostscript - security update
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDFinterpreter, which may result in denial of service or the execution ofarbitrary code if a malformed Postscript file is processed (despite the-dSAFER sandbox being enabled).
- DSA-4441 symfony - security update
Multiple vulnerabilities were discovered in the Symfony PHP frameworkwhich could lead to cache bypass, authentication bypass, informationdisclosure, open redirect, cross-site request forgery, deletion ofarbitrary files, or arbitrary code execution.
- DSA-4438 atftp - security update
Denis Andzakovic discovered two vulnerabilities in atftp, the advancedTFTP server which could result in denial of service by sending malformedpackets.
- DSA-4436 imagemagick - security update
This update fixes two vulnerabilities in Imagemagick: Memory handlingproblems and missing or incomplete input sanitising may result in denialof service, memory disclosure or the execution of arbitrary code ifmalformed TIFF or Postscript files are processed.
- DSA-4435 libpng1.6 - security update
A use-after-free vulnerability was discovered in the png_image_free()function in the libpng PNG library, which could lead to denial ofservice or potentially the execution of arbitrary code if a malformedimage is processed.