• Home
• About
• Calendar
• How Tos
• Blogs
• Articles
• Forums
• News
• Site Map

<< Mandriva | Distributions | Gentoo >>

Debian Security Notices

• DSA-2384 cacti - several vulnerabilities
  Several vulnerabilities have been discovered in Cacti, a graphing toolfor monitoring data. Multiple cross site scripting issues allow remoteattackers to inject arbitrary web script or HTML. An SQL injectionvulnerability allows remote attackers to execute arbitrary SQL commands.
  

• DSA-2403 php5 - code injection
  Stefan Esser discovered that the implementation of the max_input_varsconfiguration variable in a recent PHP security update was flawed suchthat it allows remote attackers to crash PHP or potentially executecode.
  

• DSA-2402 iceape - several vulnerabilities
  Several vulnerabilities have been found in the Iceape internet suite, anunbranded version of Seamonkey:
  

• DSA-2401 tomcat6 - several vulnerabilities
  Several vulnerabilities have been found in Tomcat, a servlet and JSPengine:
  

• DSA-2400 iceweasel - several vulnerabilities
  Several vulnerabilities have been discovered in Iceweasel, a web browserbased on Firefox. The included XULRunner library provides renderingservices for several other applications included in Debian.
  

• DSA-2399 php5 - several vulnerabilities
  Several vulnerabilities have been discovered in PHP, the web scriptinglanguage. The Common Vulnerabilities and Exposures project identifiesthe following issues:
  

• DSA-2398 curl - several vulnerabilities
  Several vulnerabilities have been discovered in cURL, an URL transferlibrary. The Common Vulnerabilities and Exposures project identifies thefollowing problems:
  

• DSA-2397 icu - buffer underflow
  It was discovered that a buffer overflow in the Unicode library ICUcould lead to the execution of arbitrary code.
  

• DSA-2396 qemu-kvm - buffer underflow
  Nicolae Mogoraenu discovered a heap overflow in the emulated e1000enetwork interface card of KVM, a solution for full virtualization onx86 hardware, which could result in denial of service or privilegeescalation.
  

• DSA-2395 wireshark - buffer underflow
  Laurent Butti discovered a buffer underflow in the LANalyzer dissectorof the Wireshark network traffic analyzer, which could lead to theexecution of arbitrary code (CVE-2012-0068).
  

• DSA-2394 libxml2 - several vulnerabilities
  Many security problems have been fixed in libxml2, a popular library to handleXML data files.
  

• DSA-2393 bip - buffer overflow
  Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxywhich may allow arbitrary code execution by remote users.
  

• DSA-2392 openssl - out-of-bounds read
  Antonio Martin discovered a denial-of-service vulnerability inOpenSSL, an implementation of TLS and related protocols. A maliciousclient can cause the DTLS server implementation to crash. Regular,TCP-based TLS is not affected by this issue.
  

• DSA-2301 rails - several vulnerabilities
  Several vulnerabilities have been discovered in Rails, the Ruby webapplication framework. The Common Vulnerabilities and Exposures projectidentifies the following problems:
  

• DSA-2391 phpmyadmin - several vulnerabilities
  Several vulnerabilities have been discovered in phpMyAdmin, a toolto administer MySQL over the web. The Common Vulnerabilities andExposures project identifies the following problems:
  

• DSA-2390 openssl - several vulnerabilities
  Several vulnerabilities were discovered in OpenSSL, an implementationof TLS and related protocols. The Common Vulnerabilities andExposures project identifies the following vulnerabilities:
  

• DSA-2389 linux-2.6 - privilege escalation/denial of service/information leak
  Several vulnerabilities have been discovered in the Linux kernel that may leadto a denial of service or privilege escalation. The Common Vulnerabilities andExposures project identifies the following problems:
  

• DSA-2388 t1lib - several vulnerabilities
  Several vulnerabilities were discovered in t1lib, a Postscript Type 1font rasterizer library, some of which might lead to code executionthrough the opening of files embedding bad fonts.
  

• DSA-2387 simplesamlphp - insufficient input sanitation
  timtai1 discovered that simpleSAMLphp, an authentication and federationplatform, is vulnerable to a cross site scripting attack, allowing aremote attacker to access sensitive client data.
  

• DSA-2386 openttd - several vulnerabilities
  Several vulnerabilities have been discovered in OpenTTD, a transportbusiness simulation game. Multiple buffer overflows and off-by-oneerrors allow remote attackers to cause denial of service.
  

• DSA-2385 pdns - packet loop
  Ray Morris discovered that the PowerDNS authoritative server respondsto response packets. An attacker who can spoof the source address ofIP packets can cause an endless packet loop between a PowerDNSauthoritative server and another DNS server, leading to a denial ofservice.
  

• DSA-2383 super - buffer overflow
  Robert Luberda discovered a buffer overflow in the syslog logging code ofSuper, a tool to execute scripts (or other commands) as if they were root.The default Debian configuration is not affected.
  

• DSA-2382 ecryptfs-utils - multiple vulnerabilities
  Several problems have been discovered in eCryptfs, a cryptographicfilesystem for Linux.
  

• DSA-2381 squid3 - invalid memory deallocation
  It was discovered that the IPv6 support code in Squid does notproperly handle certain DNS responses, resulting in deallocation of aninvalid pointer and a daemon crash.
  

Debian Forum at linuxquestions.org

• New graphical problem
• Dual booting Win7 and Debian
• Autocomplete is broken
• [SOLVED] Problems with KDE on Debian Squeeze.
• [SOLVED] bonnie++ broken
• Compiling a kernel + patch [2.6.33.1-rt11]
• debian installer: "software selection"
• [SOLVED] Java not working with iceweasel
• Central Management System to manage debian workstations
• [SOLVED] show a list of all installed packages
• gcc giving error linux/init.h: No such file or directory
• Delete content of logs files without removing them
• error in live CD creation using live-build on Squeeze
• exclude some packages from updating
• [SOLVED] Unable to play ogg video files in VLC and Smplayer
• Does apt-get -b source Install the Package?
• [SOLVED] Want to eliminate log files on my Debian Sequeeze
• [SOLVED] mount ntfs with fstab dmask=027,fmask=137 but no write access
• Bluetooth not connecting
• strange backup problem using Acronis True Image Home 2011
• delete saved Alt+F2 commands in Gnome
• [SOLVED] Boot CD or Floppy with USB Drivers for Booting Old Hardware
• roundcube-0.7: DATABASE ERROR: CONNECTION FAILED
• [Request] help noob install/fix
• Ran into problem when try to do "apt-get update"...
• Failed to process /etc/kernel/postrm.d at /var/lib/dpkg/tmp.ci/postrm line 234.
• how to dupplicate an usb pen
• [SOLVED] Don't Aoutmaticly Start XDM on Startup.
• ATI weird "effects"
• [SOLVED] need to know the proper way to upgrade rtorrent
• Installing Dell OpenManage on Lenny
• Automount and umount of USB drives not working using udev
• libboost property_traits not declared....
• [SOLVED] acroread missing asian fonts
• [SOLVED] How do I get to play DVDs under Debian (Linux in general)?
• [SOLVED] GUI problems. Xserver?Gnome?Video Card/ driver?: Posted in Newbie section also.
• [SOLVED] How to disable gnome popup notifications in squeeze?
• [SOLVED] FTP service installation error
• Installing Oracle XE 11g on Debian Squeeze
• Network install on internet that requires a log in
• [SOLVED] GTK font selection
• Network issues
• usb printer on ltsp client
• .bashrc help: syntax error: unexpected end of file
• [SOLVED] running x window in Debian Live
• building NAS
• Opera (11.60.1185) crash on Xfce under Debian Squeeze
• Fatal error - appears to be responsible for loss of kbd and mouse
• Debian Squeeze - Cannot connect to network
• New Debian user - 3 problems
• library dependency problem
• [SOLVED] Why root is remounted with commit=0 (=600 specified in fstab) at the end of start-up?
• Boot Console Font?
• Exit Gnome to Console
• git-p4 on Debian?
• Installing Linux Mint Debian- advice?
• Problem with git after upgrade