NTLUG



Community

Support

Debian Planet

Debian Security Notices

  • DSA-3823 eject - security update
    Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid() and setgid() when dropping privileges.


  • DSA-3822 gstreamer1.0 - security update
    Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.


  • DSA-3821 gst-plugins-ugly1.0 - security update
    Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.


  • DSA-3820 gst-plugins-good1.0 - security update
    Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.


  • DSA-3819 gst-plugins-base1.0 - security update
    Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.


  • DSA-3818 gst-plugins-bad1.0 - security update
    Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.


  • DSA-3817 jbig2dec - security update
    Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.


  • DSA-3816 samba - security update
    Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a share definition.


  • DSA-3815 wordpress - security update
    Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms.


  • DSA-3814 audiofile - security update
    Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed.


  • DSA-3813 r-base - security update
    Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation.


  • DSA-3812 ioquake3 - security update
    It was discovered that ioquake3, a modified version of the ioQuake3 game engine, performs insufficient restrictions on automatically downloaded content (pk3 files or game code), which allows malicious game servers to modify configuration settings including driver settings.


  • DSA-3811 wireshark - security update
    It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX, DHCPv6, NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to various crashes, denial-of-service or execution of arbitrary code.



  • DSA-3809 mariadb-10.0 - security update
    Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.30. Please see the MariaDB 10.0 Release Notes for further details:


  • DSA-3808 imagemagick - security update
    This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed.


  • DSA-3807 icoutils - security update
    Multiple vulnerabilities were discovered in the icotool and wrestool tools of Icoutils, a set of programs that deal with MS Windows icons and cursors, which may result in denial of service or the execution of arbitrary code if a malformed .ico or .exe file is processed.


  • DSA-3806 pidgin - security update
    A vulnerability was discovered in Pidgin, a multi-protocol instant messaging client. A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution on the client side.


  • DSA-3805 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, ASLR bypass, information disclosure or denial of service.


  • DSA-3804 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.


  • DSA-3803 texlive-base - security update
    It was discovered that texlive-base, the TeX Live package which provides the essential TeX programs and files, whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document.


  • DSA-3802 zabbix - security update
    An SQL injection vulnerability has been discovered in the Latest data page of the web frontend of the Zabbix network monitoring system


  • DSA-3801 ruby-zip - security update
    It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.


  • DSA-3800 libquicktime - security update
    Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application.


  • DSA-3799 imagemagick - security update
    This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.


  • DSA-3798 tnef - security update
    Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type application/ms-tnef. Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious attachment. This would result in denial of service via application crash, or potential arbitrary code execution.


  • DSA-3797 mupdf - security update
    Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.



  • DSA-3795 bind9 - security update
    It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM