Debian Security Notices
- DSA-3144 openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
- DSA-3140 xen - security update
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.
- DSA-3139 squid - security update
Matthew Daley discovered that squid, a web proxy cache, does not properly perform input validation when parsing requests. A remote attacker could use this flaw to mount a denial of service attack by sending specially crafted Range requests.
- DSA-3138 jasper - security update
An off-by-one flaw, leading to a heap-based buffer overflow (CVE-2014-8157), and an unrestricted stack memory use flaw (CVE-2014-8158) were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
- DSA-3137 websvn - security update
James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as.
- DSA-3136 polarssl - security update
A vulnerability was discovered in PolarSSL, a lightweight crypto and SSL/TLS library. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library (application crash), or potentially, to execute arbitrary code.
- DSA-3135 mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
- DSA-3134 sympa - security update
A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user.
- DSA-3132 icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.
- DSA-3131 xdg-utils - security update
John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.
- DSA-3130 lsyncd - security update
It was discovered that lsyncd, a daemon to synchronize local directories using rsync, performed insufficient sanitising of filenames, which might result in the execution of arbitrary commands.
- DSA-3127 iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.
- DSA-3126 php5 - security update
It was discovered that libmagic, as used by PHP, would trigger an out-of-bounds memory access when trying to identify a crafted file.
- DSA-3125 openssl - security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:
- DSA-3124 otrs2 - security update
Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
- DSA-3123 binutils - security update
Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors that may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attacks or denial of service.
- DSA-3122 curl - security update
Andrey Labunets of Facebook discovered that cURL, a URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to issue additional requests in a way that was not intended, or to insert additional request headers into the request.
- DSA-3121 file - security update
Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files.
- DSA-3120 mantis - security update
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.
- DSA-3119 libevent - security update
Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
- DSA-3118 strongswan - security update
Mike Daskalakis reported a denial of service vulnerability in charon, the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish IPsec protected links.
- DSA-3117 php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.