Debian Security Notices
- DSA-4744 roundcube - security update
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to cross-site scripting vulnerabilities in handling invalid svg and math tag content.
- DSA-4743 ruby-kramdown - security update
A flaw was discovered in ruby-kramdown, a fast, pure Ruby Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the {::options /} extension is used together with the template option.
- DSA-4741 json-c - security update
Tobias Stoeckmann discovered an integer overflow in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed.
- DSA-4738 ark - security update
Dominik Penner discovered that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives writing outside the extraction directory.
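The Ark advisory above is the classic archive path-traversal problem: an extractor that trusts member names as given can be steered outside its destination by `..` components, absolute names, or a symlink member followed by a file placed through it. The block below is an added example, not Ark's code (Ark is a C++ KDE application) and not from the advisory; it builds a constructed in-memory tar with those escape vectors, shows where a naive extractor would place each member, and contrasts that with an extractor that rejects non-regular members and checks every member's resolved path against the destination immediately before writing. Member names and contents are invented for illustration.

```python
"""Added example (not Ark's code): the containment check an archive
extractor needs before writing each member. The archive is constructed
in memory; nothing here writes outside the scratch directory it is given."""
import io
import os
import tarfile
import tempfile

# Constructed sample: one benign member plus the usual escape vectors.
# (name, contents, symlink target or None)
SAMPLE_MEMBERS = [
    ("docs/readme.txt", b"harmless\n", None),
    ("../../.ssh/authorized_keys", b"ssh-ed25519 AAAA... attacker\n", None),  # '..' climbs out
    ("/etc/cron.d/backdoor", b"* * * * * root /tmp/x\n", None),               # absolute name
    ("docs/link", b"", "/etc"),                                                # symlink out of dest
    ("docs/link/hosts", b"127.0.0.1 evil\n", None),                            # file placed through it
]


def build_malicious_tar() -> bytes:
    """Serialise SAMPLE_MEMBERS into an uncompressed tar held in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data, linkname in SAMPLE_MEMBERS:
            info = tarfile.TarInfo(name)
            if linkname is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def naive_targets(archive: bytes, dest: str) -> list[str]:
    """Where an extractor that trusts member names would write each member.
    Returns the paths only and never writes: os.path.join discards dest
    when the member name is absolute, and normpath resolves '..' upward."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return [os.path.normpath(os.path.join(dest, m.name)) for m in tar]


def is_within(dest: str, target: str) -> bool:
    """True if target resolves (symlinks included) to dest or somewhere below it."""
    dest, target = os.path.realpath(dest), os.path.realpath(target)
    return os.path.commonpath([dest, target]) == dest


def safe_extract(archive: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Hardened extraction: regular files only, with each member's resolved
    path checked against dest right before it is written.
    Returns (written member names, rejected member names)."""
    dest = os.path.realpath(dest)
    written, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for member in tar:
            target = os.path.realpath(os.path.join(dest, member.name))
            # Refusing symlinks and hardlinks means 'docs/link' is never created,
            # so the later 'docs/link/hosts' lands in a real directory inside dest
            # instead of being redirected to /etc/hosts. Had the symlink existed,
            # realpath() would expose the redirect and is_within() would reject it.
            if not member.isreg() or not is_within(dest, target):
                rejected.append(member.name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(member.name)
    return written, rejected


def run_demo() -> dict:
    """Run both extractors against the sample inside a scratch directory."""
    archive = build_malicious_tar()
    with tempfile.TemporaryDirectory() as dest:
        real_dest = os.path.realpath(dest)
        written, rejected = safe_extract(archive, dest)
        on_disk = {name: open(os.path.join(real_dest, name), "rb").read()
                   for name in written}
        escapes = [t for t in naive_targets(archive, dest) if not is_within(dest, t)]
    return {"written": written, "rejected": rejected,
            "on_disk": on_disk, "naive_escapes": escapes}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The check is done on the realpath of the join, not on the member name: name-based filtering (stripping `..` or a leading `/`) misses the symlink case, where a perfectly clean-looking name resolves elsewhere once an earlier member has planted a link. Doing the check per member, immediately before the write, is what closes that gap.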
- DSA-4737 xrdp - security update
Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials, or hijack existing sessions for xorgxrdp sessions.
- DSA-4736 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or an information leak.
- DSA-4734 openjdk-11 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, bypass of access/sandbox restrictions or information disclosure.
- DSA-4733 qemu - security update
It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code.
- DSA-4732 squid - security update
Two security issues were discovered in the Squid proxy caching server, which could result in cache poisoning, request smuggling and incomplete validation of hostnames in cachemgr.cgi.
- DSA-4731 redis - security update
An integer overflow flaw leading to a stack-based buffer overflow was discovered in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash).
- DSA-4730 ruby-sanitize - security update
Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML sanitization bypass vulnerability when using the relaxed or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly even if math and svg are not in the allowlist.
- DSA-4729 libopenmpt - security update
Two security issues were found in libopenmpt, a cross-platform C++ and C library to decode tracked music files, which could result in denial of service and potentially the execution of arbitrary code if malformed music files are processed.
- DSA-4726 nss - security update
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service.