NTLUG



Community

Support

Debian Planet


Debian Security Notices

  • DSA-4252 znc - security update
    Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service.


  • DSA-4251 vlc - security update
    A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.



  • DSA-4249 ffmpeg - security update
    Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.


  • DSA-4248 blender - security update
    Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/renderer. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code.



  • DSA-4246 mailman - security update
    Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.


  • DSA-4245 imagemagick - security update
    This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising could result in denial of service or the execution of arbitrary code.


  • DSA-4244 thunderbird - security update
    Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.


  • DSA-4243 cups - security update
    Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids:


  • DSA-4242 ruby-sprockets - security update
    Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.


  • DSA-4241 libsoup2.4 - security update
    It was discovered that the Soup HTTP library performed insufficient validation of cookie requests which could result in an out-of-bounds memory read.



  • DSA-4239 gosa - security update
    Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.


  • DSA-4238 exiv2 - security update
    Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.




  • DSA-4235 firefox-esr - security update
    Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.


  • DSA-4234 lava-server - security update
    Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call.


  • DSA-4233 bouncycastle - security update
    It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform less Miller-Rabin primality tests than expected.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM