1825 Monetary Lane Suite #104 Carrollton, TX
Debian Security Notices
- DSA-3059 dokuwiki - security update
Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.
- DSA-3058 torque - security update
Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.
- DSA-3057 libxml2 - security update
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660)
- DSA-3056 libtasn1-3 - security update
Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference.
- DSA-3054 mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
- DSA-3052 wpa - security update
Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
- DSA-3050 iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.
- DSA-3049 wireshark - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.
- DSA-3048 apt - security update
Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.
- DSA-3047 rsyslog - security update
Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution.
- DSA-3046 mediawiki - security update
- DSA-3042 exuberant-ctags - security update