NTLUG



Community

Support


Debian Security Notices

  • DSA-4522 faad2 - security update
    Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.


  • DSA-4521 docker.io - security update
    Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in docker cp could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the docker build command.


  • DSA-4520 trafficserver - security update
    Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service.



  • DSA-4518 ghostscript - security update
    It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.


  • DSA-4517 exim4 - security update
    "Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.


  • DSA-4516 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.



  • DSA-4514 varnish - security update
    Alf-Andre Walla discovered a remotely triggerable assert in the Varnish web accelerator; sending a malformed HTTP request could result in denial of service.


  • DSA-4513 samba - security update
    Stefan Metzmacher discovered a flaw in Samba, a SMB/CIFS file, print, and login server for Unix. Specific combinations of parameters and permissions can allow a user to escape from the share path definition and see the complete '/' filesystem. Unix permission checks in the kernel are still enforced.


  • DSA-4512 qemu - security update
    Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.



  • DSA-4510 dovecot - security update
    Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.



  • DSA-4508 h2o - security update
    Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service.


  • DSA-4507 squid - security update
    Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting attacks, and potentially the execution of arbitrary code.


  • DSA-4506 qemu - security update
    Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.


  • DSA-4505 nginx - security update
    Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service.


  • DSA-4504 vlc - security update
    Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.


  • DSA-4503 golang-1.11 - security update
    Three vulnerabilities have been discovered in the Go programming language; "net/url" accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.


  • DSA-4502 ffmpeg - security update
    Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM