
Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

<< Mandriva | Distributions | Gentoo >>



Debian Planet


Debian Security Notices

  • DSA-4609 python-apt - security update
    Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.

  • DSA-4607 openconnect - security update
    Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate) can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.

  • DSA-4605 openjdk-11 - security update
    Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.

  • DSA-4604 cacti - security update
    Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.

  • DSA-4602 xen - security update
    Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.

  • DSA-4601 ldm - security update
    It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation.

  • DSA-4600 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

  • DSA-4599 wordpress - security update
    Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.

  • DSA-4598 python-django - security update
    Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retrieve password reset tokens and hijack accounts.

  • DSA-4597 netty - security update
    It was reported that Netty, a Java NIO client/server framework, is prone to an HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers.

  • DSA-4596 tomcat8 - security update
    Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.

  • DSA-4595 debian-lan-config - security update
    It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

Debian Forum at

Page last modified on September 14, 2006, at 05:07 AM