NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX


Community

Support

Debian Planet

Debian Security Notices

  • DSA-2985 mysql-5.5 - security update
    Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

  • DSA-2984 acpi-support - security update
    CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.

  • DSA-2981 polarssl - security update
    A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute the denial of service attack against its clients.

  • DSA-2980 openjdk-6 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

  • DSA-2979 fail2ban - security update
    Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.

  • DSA-2977 libav - security update
    Don A. Bailey discovered an integer overflow in the lzo compression handler which could result in the execution of arbitrary code.

  • DSA-2976 eglibc - security update
    Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.

  • DSA-2975 phpmyadmin - security update
    Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-2974 php5 - security update
    Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-2973 vlc - security update
    Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.

  • DSA-2972 linux - security update
    Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

  • DSA-2971 dbus - security update
    Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-2970 cacti - security update
    Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.

  • DSA-2969 libemail-address-perl - security update
    Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing could use this flaw to mount a denial of service attack against the application.

  • DSA-2968 gnupg2 - security update
    Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

  • DSA-2967 gnupg - security update
    Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM