Debian Security Notices
- DSA-3650 libgcrypt20 - security update
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
- DSA-3649 gnupg - security update
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
- DSA-3648 wireshark - security update
Multiple vulnerabilities were discovered in the dissectors for NDS, PacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlow, which could result in denial of service or the execution of arbitrary code.
- DSA-3647 icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.
- DSA-3644 fontconfig - security update
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.
- DSA-3643 kde4libs - security update
Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive.
- DSA-3642 lighttpd - security update
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or initiate connections to arbitrary hosts.
- DSA-3641 openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service.
- DSA-3640 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy.
- DSA-3639 wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service.
- DSA-3636 collectd - security update
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code.
- DSA-3634 redis - security update
It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions.
- DSA-3635 libdbd-mysql-perl - security update
Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.
- DSA-3633 xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3632 mariadb-10.0 - security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details:
- DSA-3631 php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
- DSA-3630 libgd2 - security update
Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc() function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application using the libgd2 library.
- DSA-3628 perl - security update
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: