NTLUG



Community

Support

Debian Planet

Debian Security Notices

  • DSA-3728 firefox-esr - security update
    A use-after-free vulnerability in the SVG Animation was discovered in the Mozilla Firefox web browser, allowing a remote attacker to cause a denial of service (application crash) or execute arbitrary code, if a user is tricked into opening a specially crafted website.


  • DSA-3727 hdf5 - security update
    Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when handling untrusted data.



  • DSA-3726 imagemagick - security update
    Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include several problems in memory handling that can result in a denial of service attack or in execution of arbitrary code by an attacker with control on the image input.




  • DSA-3722 vim - security update
    Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the filetype, syntax and keymap options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.


  • DSA-3721 tomcat7 - security update
    Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.


  • DSA-3720 tomcat8 - security update
    Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.


  • DSA-3719 wireshark - security update
    It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.




  • DSA-3716 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism has been fixed.



  • DSA-3714 akonadi - security update
    In some configurations the MySQL storage backend for Akonadi, an extensible cross-desktop Personal Information Management (PIM) storage service, failed to start after applying the MySQL 5.5.53 security upgrade.



  • DSA-3712 terminology - security update
    Nicolas Braud-Santoni discovered that incorrect sanitising of character escape sequences in the Terminology terminal emulator may result in the execution of arbitrary commands.


  • DSA-3711 mariadb-10.0 - security update
    Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details:


  • DSA-3710 pillow - security update
    Cris Neckar discovered multiple vulnerabilities in Pillow, a Python imaging library, which may result in the execution of arbitrary code or information disclosure if a malformed image file is processed.


  • DSA-3709 libxslt - security update
    Nick Wellnhofer discovered that the xsltFormatNumberConversion function in libxslt, an XSLT processing runtime library, does not properly check for a zero byte terminating the pattern string. This flaw can be exploited to leak a couple of bytes after the buffer that holds the pattern string.


  • DSA-3708 mat - security update
    Hartmut Goebel discovered that MAT, a toolkit to anonymise/remove metadata from files, did not remove metadata from images embedded in PDF documents.


  • DSA-3707 openjdk-7 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service.


  • DSA-3706 mysql-5.5 - security update
    Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:



  • DSA-3704 memcached - security update
    Aleksandar Nikolic of Cisco Talos discovered several integer overflow vulnerabilities in memcached, a high-performance memory object caching system. A remote attacker can take advantage of these flaws to cause a denial of service (daemon crash), or potentially to execute arbitrary code.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM