NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX



Community

Support

Debian Planet


Debian Security Notices

  • DSA-4609 python-apt - security update
    Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.



  • DSA-4607 openconnect - security update
    Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.



  • DSA-4605 openjdk-11 - security update
    Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.


  • DSA-4604 cacti - security update
    Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.



  • DSA-4602 xen - security update
    Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.


  • DSA-4601 ldm - security update
    It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation.


  • DSA-4600 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.


  • DSA-4599 wordpress - security update
    Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.


  • DSA-4598 python-django - security update
    Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retrieve password reset tokens and hijack accounts.


  • DSA-4597 netty - security update
    It was reported that Netty, a Java NIO client/server framework, is prone to an HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers.


  • DSA-4596 tomcat8 - security update
    Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.


  • DSA-4595 debian-lan-config - security update
    It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.





Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM