
Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX





Debian Planet

Debian Security Notices

  • DSA-2993 tor - security update
    Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks.

  • DSA-2991 modsecurity-apache - security update
    Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing them to send requests containing content that should have been removed by mod_security.

  • DSA-2990 cups - security update
    It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

  • DSA-2988 transmission - security update
    Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.

  • DSA-2987 openjdk-7 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

  • DSA-2986 iceweasel - security update
    Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

  • DSA-2985 mysql-5.5 - security update
    Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

  • DSA-2984 acpi-support - security update
    CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.

  • DSA-2981 polarssl - security update
    A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute the denial of service attack against its clients.

  • DSA-2980 openjdk-6 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

  • DSA-2979 fail2ban - security update
    Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.

  • DSA-2977 libav - security update
    Don A. Bailey discovered an integer overflow in the lzo compression handler which could result in the execution of arbitrary code.

  • DSA-2976 eglibc - security update
    Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.

  • DSA-2975 phpmyadmin - security update
    Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-2974 php5 - security update
    Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-2973 vlc - security update
    Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.

  • DSA-2972 linux - security update
    Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

  • DSA-2971 dbus - security update
    Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems:


Page last modified on September 14, 2006, at 12:07 AM