NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Debian Planet

Debian Security Notices

  • DSA-3109 firebird2.5 - security update
    Dmitry Kovalenko discovered that the Firebird database server is prone to a denial of service vulnerability. An unauthenticated remote attacker could send a malformed network packet to a firebird server, which would cause the server to crash.


  • DSA-3106 jasper - security update
    Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

  • DSA-3104 bsd-mailx - security update
    It was discovered that bsd-mailx, an implementation of the mail command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.


  • DSA-3103 libyaml-libyaml-perl - security update
    Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.


  • DSA-3102 libyaml - security update
    Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.


  • DSA-3101 c-icap - security update
    Several vulnerabilities were found in c-icap, an ICAP server implementation, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts.


  • DSA-3100 mediawiki - security update
    A flaw was discovered in mediawiki, a wiki engine: cross-domain-policy mangling allows an article editor to inject code into API consumers that deserialize PHP representations of the page from the API.


  • DSA-3099 dbus - security update
    Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count.


  • DSA-3098 graphviz - security update
    Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.


  • DSA-3096 pdns-recursor - security update
    Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server: a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.


  • DSA-3097 unbound - security update
    Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit (or make emit) queries to the server can trick the resolver into following an endless series of delegations, leading to resource exhaustion and huge network usage.

  • DSA-3092 icedove - security update
    Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.


  • DSA-3091 getmail4 - security update
    Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks.


  • DSA-3090 iceweasel - security update
    Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.


  • DSA-3089 jasper - security update
    Jose Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.


  • DSA-3088 qemu-kvm - security update
    Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm, a full virtualization solution on x86 hardware. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.


  • DSA-3087 qemu - security update
    Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.


  • DSA-3086 tcpdump - security update
    Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.


  • DSA-3085 wordpress - security update
    Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at


  • DSA-3084 openvpn - security update
    Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload.


  • DSA-3083 mutt - security update
    A flaw was discovered in mutt, a text-based mail reader. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition.


  • DSA-3082 flac - security update
    Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free Lossless Audio Codec media: by providing a specially crafted FLAC file, an attacker could execute arbitrary code.


  • DSA-3081 libvncserver - security update
    Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side.


  • DSA-3080 openjdk-7 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.


  • DSA-3079 ppp - security update
    A vulnerability was discovered in ppp, an implementation of the Point-to-Point Protocol: an integer overflow in the routine responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges.


  • DSA-3078 libksba - security update
    An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using specially crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service), or potentially, execute arbitrary code.


  • DSA-3077 openjdk-6 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.


  • DSA-3076 wireshark - security update
    Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM