Debian Security Notices
- DSA-4341 mariadb-10.1 - security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details:
- DSA-4339 ceph - security update
Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was susceptible to replay attacks and calculated signatures incorrectly, ceph mon did not validate capabilities for pool operations (resulting in potential corruption or deletion of snapshot images) and a format string vulnerability in libradosstriper could result in denial of service.
- DSA-4338 qemu - security update
Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service.
- DSA-4336 ghostscript - security update
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).
- DSA-4335 nginx - security update
Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).
- DSA-4334 mupdf - security update
Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer which could result in denial of service or the execution of arbitrary code if malformed documents are opened.
- DSA-4333 icecast2 - security update
Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia streaming server which could result in the execution of arbitrary code.
- DSA-4332 ruby2.3 - security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-4329 teeworlds - security update
It was discovered that incorrect connection setup in the server for Teeworlds, an online multi-player platform 2D shooter, could result in denial of service via forged connection packets (rendering all game server slots occupied).
- DSA-4328 xorg-server - security update
Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitrary file overwrite, which can result in privilege escalation.
- DSA-4327 thunderbird - security update
Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
- DSA-4326 openjdk-8 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, incomplete TLS identity verification, information disclosure or the execution of arbitrary code.
- DSA-4324 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code, privilege escalation or information disclosure.