NTLUG

Debian


Community

Support

Debian Planet

Debian Security Notices

  • DSA-4042 libxml-libxml-perl - security update
    A use-after-free vulnerability was discovered in XML::LibXML, a Perl interface to the libxml2 library, allowing an attacker to execute arbitrary code by controlling the arguments to a replaceChild() call.


  • DSA-4041 procmail - security update
    Jakub Wilk reported a heap-based buffer overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss.


  • DSA-4040 imagemagick - security update
    This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.


  • DSA-4039 opensaml2 - security update
    Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.


  • DSA-4038 shibboleth-sp2 - security update
    Rod Widdowson of Steading System Software LLP discovered a coding error in the Dynamic metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.


  • DSA-4037 jackson-databind - security update
    It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.



  • DSA-4035 firefox-esr - security update
    Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.


  • DSA-4034 varnish - security update
    'shamger' and Carlo Cannas discovered that a programming error in Varnish, a state of the art, high-performance web accelerator, may result in disclosure of memory contents or denial of service.


  • DSA-4033 konversation - security update
    Joseph Bisch discovered that Konversation, a user-friendly Internet Relay Chat (IRC) client for KDE, could crash when parsing certain IRC color formatting codes.


  • DSA-4032 imagemagick - security update
    This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed.


  • DSA-4031 ruby2.3 - security update
    Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:


  • DSA-4030 roundcube - security update
    A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. An authenticated attacker can take advantage of this flaw to read roundcube's configuration files.


  • DSA-4029 postgresql-common - security update
    It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
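    The symlink-following bug class behind DSA-4029, shown as an added example written for this page rather than code from postgresql-common (the advisory does not describe the actual faulty code path). A local attacker who can write to a directory where a privileged tool will later create a file with a predictable name plants a symlink there; a naive open() follows it and truncates the target. Opening with O_CREAT|O_EXCL|O_NOFOLLOW refuses an existing path of any kind, including a symlink. The victim file, the shared directory and the file name "cluster.log" are constructed for the demonstration and run in a throwaway temporary directory, so no privilege is needed:

```python
import os
import tempfile

# O_NOFOLLOW is POSIX but not universal; fall back to 0 where absent (assumption:
# the example is run on Linux, where it exists and O_EXCL alone already suffices).
_O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


def naive_write(path: str, data: bytes) -> None:
    """Insecure pattern: open() follows whatever symlink sits at `path`."""
    with open(path, "wb") as f:
        f.write(data)


def safe_create(path: str, data: bytes) -> None:
    """Hardened pattern: O_CREAT|O_EXCL fails (EEXIST) if `path` already exists,
    whether as a regular file or as a symlink, dangling or not; O_NOFOLLOW adds
    a second refusal to traverse a symlink at the final component."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | _O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def _read(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()


def demo() -> dict:
    """Play both sides: the attacker plants a symlink at a predictable path,
    then the privileged writer uses each pattern. Returns what the victim file
    contains afterwards in each case and whether the hardened open refused."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed victim: stands in for a file the attacker cannot write directly.
        victim = os.path.join(tmp, "victim.conf")
        with open(victim, "wb") as f:
            f.write(b"original\n")

        # Constructed shared directory: stands in for a world-writable location.
        shared = os.path.join(tmp, "shared")
        os.mkdir(shared)

        # Attacker: the writer will create shared/cluster.log, so point it at the victim.
        target = os.path.join(shared, "cluster.log")
        os.symlink(victim, target)

        # Privileged writer, naive pattern: the victim is truncated and overwritten.
        naive_write(target, b"clobbered\n")
        results["naive"] = _read(victim)

        # Restore the victim and retry with the hardened pattern.
        with open(victim, "wb") as f:
            f.write(b"original\n")
        try:
            safe_create(target, b"clobbered\n")
            results["safe_refused"] = False
        except FileExistsError:
            results["safe_refused"] = True
        results["safe"] = _read(victim)
    return results


if __name__ == "__main__":
    print(demo())
```

    O_EXCL only protects the create; a tool that later reopens or renames the file by name in the same shared directory reintroduces the race. tempfile.mkstemp() applies the same O_CREAT|O_EXCL internally with an unpredictable name, and a directory owned by and writable only to the service account removes the attacker's foothold entirely.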



  • DSA-4027 postgresql-9.4 - security update
    A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset() and jsonb_populate_recordset() functions.


  • DSA-4026 bchunk - security update
    Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav track files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.


  • DSA-4025 libpam4j - security update
    It was discovered that libpam4j, a Java library wrapper for the integration of PAM, did not call pam_acct_mgmt() during authentication. As such, a user who has a valid password but a deactivated or disabled account could still log in.



  • DSA-4023 slurm-llnl - security update
    Ryan Day discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems using a Prolog or Epilog script are vulnerable, regardless of whether SPANK plugins are in use.


  • DSA-4022 libreoffice - security update
    Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.


  • DSA-4021 otrs2 - security update
    It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics.



  • DSA-4019 imagemagick - security update
    This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.


  • DSA-4018 openssl - security update
    Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:


  • DSA-4017 openssl1.0 - security update
    Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:


  • DSA-4016 irssi - security update
    Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems:


  • DSA-4015 openjdk-8 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection.



  • DSA-4013 openjpeg2 - security update
    Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.



  • DSA-4011 quagga - security update
    It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.


  • DSA-4010 git-annex - security update
    It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.


  • DSA-4009 shadowsocks-libev - security update
    Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution.
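    DSA-4010 and DSA-4009 are both "untrusted input ends up in a shell command" bugs. The following is an added example written for this page, not code from git-annex or shadowsocks-libev (neither advisory describes the faulty code), showing the general pattern and its fix: interpolating input into a string run with shell=True hands the shell metacharacters to the shell, while passing an argv list keeps the input a single argument. `echo` stands in for the real remote tool so the example runs offline, and the attacker-controlled hostname is constructed. The ssh:// URL builder at the end goes beyond what either advisory states: as a general precaution it also refuses a host that starts with "-", because even with an argv list the called program would parse such a token as one of its own options, and it places the host after "--" so that option parsing is over:

```python
import re
import subprocess
from urllib.parse import urlsplit

# Constructed attacker-controlled input: a "hostname" carrying a shell metacharacter.
EVIL_HOST = "example.org; echo INJECTED"

# Assumed stand-in for ssh / ss-manager's helper so the example needs no network.
TOOL = "echo"


def run_vulnerable(host: str) -> str:
    """Vulnerable pattern: string interpolation + shell=True. The shell, not our
    program, decides where the command ends, so ';' starts a second command."""
    out = subprocess.run(f"{TOOL} connecting to {host}", shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout


def run_hardened(host: str) -> str:
    """Hardened pattern: argv list, no shell. The host is exactly one argv entry,
    whatever characters it contains."""
    out = subprocess.run([TOOL, "connecting to", host],
                         capture_output=True, text=True, check=True)
    return out.stdout


# Allow-list for what we accept as a host or user name (assumption: plain DNS
# labels and simple user names are all this tool ever needs).
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def ssh_argv(url: str) -> list:
    """Turn an ssh:// URL into an argv for ssh without ever giving ssh a token it
    could mistake for an option. Raises ValueError on anything suspicious."""
    u = urlsplit(url)
    if u.scheme != "ssh" or not u.hostname:
        raise ValueError("not an ssh:// URL with a host")
    host = u.hostname
    # A leading '-' would be read as an option by a getopt-style parser; the
    # allow-list regex rejects it together with any other odd characters.
    if not _NAME_RE.match(host):
        raise ValueError(f"refusing suspicious host: {host!r}")
    if u.username is not None:
        if not _NAME_RE.match(u.username):
            raise ValueError(f"refusing suspicious user: {u.username!r}")
        host = f"{u.username}@{host}"
    argv = ["ssh"]
    if u.port:
        argv += ["-p", str(u.port)]
    # '--' ends option parsing; everything after it is positional.
    argv += ["--", host]
    return argv


def rejects(url: str) -> bool:
    """True if ssh_argv() refuses the URL (kept as a function for testing)."""
    try:
        ssh_argv(url)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(EVIL_HOST)))
    print("hardened:  ", repr(run_hardened(EVIL_HOST)))
    print(ssh_argv("ssh://git@git.example.org:2222/repo"))
    print(rejects("ssh://-oProxyCommand=touch%20x/repo"))
```

    The allow-list is deliberately stricter than what ssh would accept (no IPv6 literals, no IDN); widen it only for inputs you actually need, and keep the "--" regardless, since an allow-list and an option terminator fail independently.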


  • DSA-4008 wget - security update
    Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.


  • DSA-4007 curl - security update
    Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, a URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.


  • DSA-4006 mupdf - security update
    Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which may result in denial of service or the execution of arbitrary code.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM