Debian Security Notices
- DSA-3863 imagemagick - security update
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.
- DSA-3862 puppet - security update
It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code.
- DSA-3861 libtasn1-6 - security update
Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.
- DSA-3860 samba - security update
steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it.
- DSA-3858 openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography.
- DSA-3856 deluge - security update
Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).
- DSA-3855 jbig2dec - security update
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.
- DSA-3853 bitlbee - security update
It was discovered that bitlbee, an IRC to other chat networks gateway, contained issues that allowed a remote attacker to cause a denial of service (via application crash), or potentially execute arbitrary commands.
- DSA-3854 bind9 - security update
Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3852 squirrelmail - security update
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server.
- DSA-3850 rtmpdump - security update
Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped.
- DSA-3849 kde4libs - security update
Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3848 git - security update
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".
- DSA-3847 xen - security update
Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks.
- DSA-3846 libytnef - security update
Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file.
- DSA-3845 libtirpc - security update
Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings).
- DSA-3844 tiff - security update
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service, memory disclosure or the execution of arbitrary code.
- DSA-3839 freetype - security update
Several vulnerabilities were discovered in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.
- DSA-3838 ghostscript - security update
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed.
- DSA-3837 libreoffice - security update
It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened.
- DSA-3836 weechat - security update
It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.
- DSA-3835 python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: