1825 Monetary Lane Suite #104 Carrollton, TX
Debian Security Notices
- DSA-3077 openjdk-6 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
- DSA-3076 wireshark - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.
- DSA-3075 drupal7 - security update
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:
- DSA-3074 php5 - security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
- DSA-3073 libgcrypt11 - security update
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
- DSA-3072 file - security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
- DSA-3071 nss - security update
In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.
- DSA-3069 curl - security update
Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, an URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation.
- DSA-3065 libxml-security-java - security update
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.
- DSA-3064 php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:
- DSA-3063 quassel - security update
An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crashes the component, causing a denial of service or disclosure of information from process memory.
- DSA-3062 wget - security update
HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows to create arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override content of user's files or permit remote code execution with the user privilege.
- DSA-3061 icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.
- DSA-3059 dokuwiki - security update
Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.
- DSA-3058 torque - security update
Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.
- problems with sound under jessie
- How can I solve "E: Error, pkgProblemResolver::Resolve generated breaks, this may be"
- Quick Question: root/sudo enabled File Browser & Folder Diff/Compare
- krusader viewer/editor fail
- Problem with Legacy FGLRX driver.
- mrtg monitoring remote servers
- gdm3 not properly working in wheezy
- Sudden poor performance of Debian 7
- nvidia-glx on wheezy w kernel 3.17.3
- Today's update of Jessie MATE pulls in nearly complete Gnome install
- Customize Debian cd
- [SOLVED] scanner issues
- Interpreting the Debian init system GR (Russ Allbery)
- [SOLVED] Network script on start
- Problem with Locale and Gvfs:amd64 & dpkg
- Problem with bash update
- Sound Card not worked properly :(
- System Freezes and is often not recoverable, even the virtual terminal becomes slow.
- Invisible cursor after FGLRX install
- Inactive network on preseeded install
- Debian compressing tar file
- static IP address in Debian
- [SOLVED] ath5k really slow
- Preseeding Debian Wheezy. Package installation
- installing amd64 instead of i386
- [SOLVED] Old Debian Potato and Network Adapters
- Debian's new Art Theme (Jessie aka Debian 8.x).
- systemd - no kernel messages in journald
- change boot up and startup messages color
- Dual-booting Debian with Windows 8 on Acer E3-111?
- My Debian won't load properly due to apt-get dist-upgrade failure
- radeon open source - boot notification
- debian: ffmpeg, mencoder,.... please rename cp, vim, mv,... too !!
- Changing the location of an executable file.
- Temperature dropping fast
- suPHP not is Jessie?
- Sound icon missing
- [SOLVED] Fix APT with `apt-get -f install` without internet access?
- After dist-upgrade, system keeps hibernating. Debian Jessie 32bit
- [SOLVED] rsyslog, warning: ~ action is deprecated, consider using the 'stop' statement instead
- Offlineimap, Debian and SSL problem
- nvidia drivers 340.32 installation using debirf
- [SOLVED] Kernel 3.17 Liquorix-ZEN SMP for Netbooks with Atom - Debian, CrunchBang, Dreamlinux
- AVCONV WebCam/Audio recording (Pulseaudio) Pavucontrol
- Change from Debian derivative (Point Linux) to pure Debian without reinstalling?
- X screws up everything. (Debian jessie, AMD flgrx on HD62900, but works without SUMO
- Nautilus never returns any search results
- Raspbian Raspberry pi Inittab Id "1" respawning too fast
- Upgrade fails on: linux-image-3.2.0-4-amd64_3.2.63-2_amd64.deb