Debian Security Notices
- DSA-3561 subversion - security update
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3560 php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
- DSA-3559 iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.
- DSA-3558 openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure.
- DSA-3557 mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.49. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
- DSA-3556 libgd2 - security update
Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers from a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an application using the libgd2 library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.
- DSA-3553 varnish - security update
Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies.
- DSA-3554 xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3552 tomcat7 - security update
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.
- DSA-3550 openssh - security update
Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user-specified environment variables and the UseLogin option is enabled, a local user may escalate her privileges to root.
- DSA-3548 samba - security update
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
- DSA-3547 imagemagick - security update
Several vulnerabilities were discovered in Imagemagick, a program suite for image manipulation. This update fixes a large number of potential security problems such as null-pointer access and buffer overflows that might lead to memory leaks or denial of service. None of these security problems have a CVE number assigned.
- DSA-3546 optipng - security update
Hans Jerry Illikainen discovered that missing input sanitising in the BMP processing code of the optipng PNG optimiser may result in denial of service or the execution of arbitrary code if a malformed file is processed.
- DSA-3545 cgit - security update
Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks.
- DSA-3544 python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3543 oar - security update
Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, software used to manage jobs and resources of HPC clusters, could result in privilege escalation.
- DSA-3542 mercurial - security update
Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues:
- DSA-3541 roundcube - security update
High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.
- DSA-3540 lhasa - security update
Marcin Noga discovered an integer underflow in Lhasa, an lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed.
- DSA-3539 srtp - security update
Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.