


Debian Planet

Debian Security Notices

  • DSA-3054 mysql-5.5 - security update
    Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

  • DSA-3052 wpa - security update
    Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.

  • DSA-3050 iceweasel - security update
    Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.

  • DSA-3049 wireshark - security update
    Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.

  • DSA-3048 apt - security update
    Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.

  • DSA-3047 rsyslog - security update
    Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution.

  • DSA-3046 mediawiki - security update
    It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.

  • DSA-3042 exuberant-ctags - security update
    Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

  • DSA-3041 xen - security update
    Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.

  • DSA-3040 rsyslog - security update
    Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.

  • DSA-3038 libvirt - security update
    Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-3037 icedove - security update
    Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

  • DSA-3035 bash - security update
    Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.

  • DSA-3034 iceweasel - security update
    Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

  • DSA-3033 nss - security update
    Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

  • DSA-3032 bash - security update
    Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.

  • DSA-3031 apt - security update
    The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the http apt method binary, or potentially to arbitrary code execution.

Debian Forum at

Page last modified on September 14, 2006, at 12:07 AM