• Home
• About
• Calendar
• How Tos
• Blogs
• Articles
• Forums
• News
• Site Map

<< Mandriva | Distributions | Gentoo >>

Debian Security Notices

• DSA-2669 linux - privilege escalation/denial of service/information leak
  Several vulnerabilities have been discovered in the Linux kernel that may leadto a denial of service, information leak or privilege escalation. The CommonVulnerabilities and Exposures project identifies the following problems:
  

• DSA-2668 linux-2.6 - privilege escalation/denial of service/information leak
  Several vulnerabilities have been discovered in the Linux kernel that may leadto a denial of service, information leak or privilege escalation. The CommonVulnerabilities and Exposures project identifies the following problems:
  

• DSA-2667 mysql-5.5 - several vulnerabilities
  Several issues have been discovered in the MySQL database server. Thevulnerabilities are addressed by upgrading MySQL to a new upstreamversion, 5.5.31, which includes additional changes, such as performanceimprovements and corrections for data loss defects.
  

• DSA-2666 xen - several vulnerabilities
  Multiple vulnerabilities have been discovered in the Xen hypervisor. TheCommon Vulnerabilities and Exposures project identifies the followingproblems:
  

• DSA-2664 stunnel4 - buffer overflow
  Stunnel, a program designed to work as an universal SSL tunnel fornetwork daemons, is prone to a buffer overflow vulnerability when usingthe Microsoft NT LAN Manager (NTLM) authentication(protocolAuthentication = NTLM) together with the connectprotocol method (protocol = connect). With these prerequisitesand using stunnel4 in SSL client mode (client = yes) on a 64 bithost, an attacker could possibly execute arbitrary code with theprivileges of the stunnel process, if the attacker can either controlthe specified proxy server or perform man-in-the-middle attacks on thetcp session between stunnel and the proxy sever.
  

• DSA-2665 strongswan - authentication bypass
  Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsecbased VPN solution.
  

• DSA-2663 tinc - stack based buffer overflow
  Martin Schobert discovered a stack-based vulnerability in tinc, aVirtual Private Network (VPN) daemon.
  

• DSA-2660 curl - exposure of sensitive information
  Yamada Yasuharu discovered that cURL, an URL transfer library, isvulnerable to expose potentially sensitive information when doingrequests across domains with matching tails. Due to a bug in thetailmatch function when matching domain names, it was possible thatcookies set for a domain ample.com could accidentally also be sentby libcurl when communicating with example.com.
  

• DSA-2662 xen - several vulnerabilities
  Multiple vulnerabilities have been discovered in the Xen hypervisor. TheCommon Vulnerabilities and Exposures project identifies the followingproblems:
  

• DSA-2661 xorg-server - information disclosure
  David Airlie and Peter Hutterer of Red Hat discovered that xorg-server,the X.Org X server was vulnerable to an information disclosure flawrelated to input handling and devices hotplug.
  

Debian Forum at linuxquestions.org

• Older Citrix client for Linux
• [SOLVED] cannot install teamviewer on wheezy
• Re steps upgrade Debian 6 to Debian 7
• [SOLVED] Can the cd (not dvd) images be used as a repo.
• Centos server crash with too many httpd process in D state
• Original Fuloong/Yeelong boot.cfg
• How to install same packages on new release?
• [SOLVED] Difference between apt-get and aptitude
• Build own SMS gateway with Debian
• where is the init samba script
• [SOLVED] Debian ustable, and stable release of Wheezy
• Unidentified video mode number
• Best image viewer,djvu viewer pdf viewer cd/dvd writer for debian 7
• gksudo nautilus - Open As Administrator - Right Click - Context Menu
• Error: krarc is disabled
• after upgrade to wheezy, desktop doesn't load
• command line, create iso file and burn it on a CD
• [SOLVED] The following packages have been kept back
• An error has occured and downloading has been aborted.
• [SOLVED] Upgrading Remote Computer to 7.0 - Needs Non-free Firmware for NIC
• i installed glib from source on debian but atk configure still see old ver of glib
• Wheezy (stable) DVD video jitters
• Wheezy, OpenBox. Strange terminal emulator text.
• [SOLVED] After upgrading to kernel 3.8 module-assistant can't find kernel headers (Debian Sid)
• [SOLVED] troubles installing debian 7.0.0 with wireless networking
• compile/install newer versions of progs like gawk should i purge dpkg?
• Overall stability of debian from version to version?
• NIC not shutting down completely after upgrade to Wheezy
• Why can't I install Debian7.0.0 from harddrive in this way?
• [SOLVED] Squeeze -> Wheezy: problems with procps
• Cannot boot Debian on HP probook 4540s USB
• Synaptic running problem in Debian 7/Wheezy
• [SOLVED] Synaptic install problem on D7/Wheezy
• update-grub question
• Dlink NAS not connected even thou FSTAB listed.
• apt-get update from cd/dvd no internet
• Squeeze to Wheezy Install Froze
• HP printer cannot access gnome-keyring
• error - unable to mount networked drive
• sendmail (Smart Host) authentication with server using certificates
• [SOLVED] Wheezy sourcelist ?
• Jessie-[Testing] explodes into life!!!
• [SOLVED] Questions on GPG keyrings for debain apt-get? (fixing problem with gpg)
• Debian 7 Released
• Gcc 4.7. ld: cannot find crt1.o
• Which architecture is Intel core i7 ?
• XFCE4, Wheezy, Open Dialog
• Debian Include VirtualBox Modules?
• [SOLVED] getting notified of updates in xfce
• *** basic debain bootloader question ***
• [SOLVED] Moving Wine Program between distros?
• apps don't run in blackbox over xdmcp
• [SOLVED] Iceweasel -> Segmentation fault
• [SOLVED] Complete system crash / Debian Testing AMD64 / Thinkpad T520i
• A missing package? If yes, which one?
• Spring is here and Jessie is coming!
• Grub error (raid1)