NTLUG



Community

Support

Debian Planet

Debian Security Notices

  • DSA-2910 qemu-kvm - security update
    Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.


  • DSA-2909 qemu - security update
    Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.


  • DSA-2908 openssl - security update
    Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them:




  • DSA-2904 virtualbox - security update
    Francisco Falcon discovered that missing input sanitizing in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.


  • DSA-2903 strongswan - security update
    An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.


  • DSA-2902 curl - security update
    Two vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:


  • DSA-2901 wordpress - security update
    Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems:


  • DSA-2900 jbigkit - security update
    Florian Weimer of the Red Hat product security team discovered multiple buffer overflows in jbigkit, which could lead to the execution of arbitrary code when processing malformed images.


  • DSA-2899 openafs - security update
    Michael Meffie discovered that in OpenAFS, a distributed filesystem, an attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the fileserver, and potentially permitting the execution of arbitrary code.


  • DSA-2898 imagemagick - security update
    Several buffer overflows were found in Imagemagick, a suite of image manipulation programs. Processing malformed PSD files could lead to the execution of arbitrary code.



  • DSA-2896 openssl - security update
    A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.


  • DSA-2895 prosody - security update
    A denial-of-service vulnerability has been reported in Prosody, a XMPP server. If compression is enabled, an attacker might send highly-compressed XML elements (attack known as zip bomb) over XMPP streams and consume all the resources of the server.


  • DSA-2894 openssh - security update
    Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems:



  • DSA-2892 a2ps - security update
    Several vulnerabilities have been found in a2ps, an Anything to PostScript converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems:




  • DSA-2889 postfixadmin - security update
    An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.




  • DSA-2886 libxalan2-java - security update
    Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.


  • DSA-2885 libyaml-libyaml-perl - security update
    Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.


  • DSA-2884 libyaml - security update
    Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.



  • DSA-2882 extplorer - security update
    Multiple cross-site scripting (XSS) vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attacker can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php and upload.php.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM