NTLUG



Community

Support

Debian Planet


Debian Security Notices

  • DSA-4487 neovim - security update
    User Arminius discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features:


  • DSA-4486 openjdk-11 - security update
    Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.


  • DSA-4485 openjdk-8 - security update
    Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.


  • DSA-4484 linux - security update
    Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.



  • DSA-4482 thunderbird - security update
    Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.


  • DSA-4481 ruby-mini-magick - security update
    Harsh Jaiswal discovered a remote shell execution vulnerability in ruby-mini-magick, a Ruby library providing a wrapper around ImageMagick or GraphicsMagick, exploitable when using MiniMagick::Image.open with specially crafted URLs coming from unsanitized user input.


  • DSA-4480 redis - security update
    Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.


  • DSA-4479 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.


  • DSA-4478 dosbox - security update
    Two vulnerabilities were discovered in the DOSBox emulator, which could result in the execution of arbitrary code on the host running DOSBox when running a malicious executable in the emulator.


  • DSA-4477 zeromq3 - security update
    Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled, can take advantage of this flaw to cause a denial of service or the execution of arbitrary code.


  • DSA-4476 python-django - security update
    Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitisation of clickable links or missing redirects of HTTP requests to HTTPS.


  • DSA-4475 openssl - security update
    Joran Dirk Greef discovered that overly long nonces used with ChaCha20-Poly1305 were incorrectly processed and could result in nonce reuse. This doesn't affect OpenSSL-internal uses of ChaCha20-Poly1305 such as TLS.


  • DSA-4474 firefox-esr - security update
    A sandbox escape was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code if combined with additional vulnerabilities.


  • DSA-4473 rdesktop - security update
    Multiple security issues were found in the rdesktop RDP client, which could result in denial of service and the execution of arbitrary code.


  • DSA-4472 expat - security update
    It was discovered that Expat, an XML parsing C library, did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service.



Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM