NTLUG
Debian Security Notices

  • DSA-3765 icoutils - security update
    Several programming errors in the wrestool tool of icoutils, a suite of tools to create and extract MS Windows icons and cursors, allow denial of service or the execution of arbitrary code if a malformed binary is parsed.

  • DSA-3764 pdns - security update
    Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-3763 pdns-recursor - security update
    Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service if the system becomes overloaded.

  • DSA-3762 tiff - security update
    Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code.

  • DSA-3761 rabbitmq-server - security update
    It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn't correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to log in to an existing user account without having to provide a password.

  • DSA-3759 python-pysaml2 - security update
    Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits.

  • DSA-3757 icedove - security update
    Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: multiple vulnerabilities may lead to the execution of arbitrary code, data leakage or bypass of the content security policy.

  • DSA-3756 icoutils - security update
    Choongwoo Han discovered that a programming error in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed.

  • DSA-3755 tomcat8 - security update
    It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.

  • DSA-3754 tomcat7 - security update
    It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.

  • DSA-3753 libvncserver - security update
    It was discovered that libvncserver, a collection of libraries used to implement VNC/RFB clients and servers, incorrectly processed incoming network packets. This resulted in several heap-based buffer overflows, allowing a rogue server to either cause a DoS by crashing the client, or potentially execute arbitrary code on the client side.

  • DSA-3752 pcsc-lite - security update
    Peter Wu discovered that a use-after-free in the pcscd PC/SC daemon of PCSC-Lite might result in denial of service or potentially privilege escalation.

  • DSA-3751 libgd2 - security update
    A stack overflow vulnerability was discovered within the gdImageFillToBorder function in libgd2, a library for programmatic graphics creation and manipulation, triggered when invalid colors are used with truecolor images. A remote attacker can take advantage of this flaw to cause a denial of service against an application using the libgd2 library.

  • DSA-3750 libphp-phpmailer - security update
    Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.

  • DSA-3749 dcmtk - security update
    Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection of libraries implementing the DICOM standard, did not properly handle the size of data received from the network. This could lead to denial of service (via application crash) or arbitrary code execution.

  • DSA-3748 libcrypto++ - security update
    Gergely Gábor Nagy from Tresorit discovered that libcrypto++, a C++ cryptographic library, contained a bug in several ASN.1 parsing routines. This would allow an attacker to remotely cause a denial of service.

  • DSA-3747 exim4 - security update
    Bjoern Jacke discovered that Exim, Debian's default mail transfer agent, may leak the private DKIM signing key to the log files if specific configuration options are met.

  • DSA-3746 graphicsmagick - security update
    Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tools, which can cause denial of service attacks, remote file deletion, and remote command execution.

  • DSA-3745 squid3 - security update
    Saulius Lapinskas from the Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can take advantage of this flaw to discover private and sensitive information about another client's browsing session.

  • DSA-3744 libxml2 - security update
    Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial of service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.

  • DSA-3743 python-bottle - security update
    It was discovered that bottle, a WSGI framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.

  • DSA-3742 flightgear - security update
    It was discovered that the Flight Gear flight simulator performs insufficient sanitising of Nasal scripts, which allows a malicious script to overwrite arbitrary files with the privileges of the user running Flight Gear.

  • DSA-3741 tor - security update
    It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients, depending on hardening options and malloc implementation.

  • DSA-3740 samba - security update
    Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:

  • DSA-3739 tomcat8 - security update
    Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.

  • DSA-3738 tomcat7 - security update
    Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.

Page last modified on September 14, 2006, at 12:07 AM