1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
<< Mandriva | Distributions | Gentoo >>
Debian Security Notices
- DSA-3587 libgd2 - security update
Several vulnerabilities were discovered in libgd2, a library forprogrammatic graphics creation and manipulation. A remote attacker cantake advantage of these flaws to cause a denial-of-service against anapplication using the libgd2 library.
- DSA-3584 librsvg - security update
Gustavo Grieco discovered several flaws in the way librsvg, a SAX-basedrenderer library for SVG files, parses SVG files with circulardefinitions. A remote attacker can take advantage of these flaws tocause an application using the librsvg library to crash.
- DSA-3582 expat - security update
Gustavo Grieco discovered that Expat, an XML parsing C library, does notproperly handle certain kinds of malformed input documents, resulting inbuffer overflows during processing and error reporting. A remoteattacker can take advantage of this flaw to cause an application usingthe Expat library to crash, or potentially, to execute arbitrary codewith the privileges of the user running the application.
- DSA-3581 libndp - security update
Julien Bernard discovered that libndp, a library for the IPv6 NeighborDiscovery Protocol, does not properly perform input and origin checksduring the reception of a NDP message. An attacker in a non-localnetwork could use this flaw to advertise a node as a router, and cause adenial of service attack, or act as a man-in-the-middle.
- DSA-3580 imagemagick - security update
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discoveredseveral vulnerabilities in ImageMagick, a program suite for imagemanipulation. These vulnerabilities, collectively known as ImageTragick,are the consequence of lack of sanitization of untrusted input. Anattacker with control on the image input could, with the privileges ofthe user running the application, execute code(CVE-2016-3714), make HTTPGET or FTP requests (CVE-2016-3718),or delete (CVE-2016-3715), move(CVE-2016-3716), or read(CVE-2016-3717) local files.
- DSA-3579 xerces-c - security update
Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, avalidating XML parser library for C++, due to not properly handlinginvalid characters in XML input documents in the DTDScanner.
- DSA-3578 libidn - security update
It was discovered that libidn, the GNU library for InternationalizedDomain Names (IDNs), did not correctly handle invalid UTF-8 input,causing an out-of-bounds read. This could allow attackers to disclosesensitive information from an application using the libidn library.
- DSA-3577 jansson - security update
Gustavo Grieco discovered that jansson, a C library for encoding,decoding and manipulating JSON data, did not limit the recursion depthwhen parsing JSON arrays and objects. This could allow remote attackersto cause a denial of service (crash) via stack exhaustion, using craftedJSON data.
- DSA-3576 icedove - security update
Multiple security issues have been found in Icedove, Debian's version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors maylead to the execution of arbitrary code or denial of service.
- DSA-3574 libarchive - security update
Rock Stevens, Andrew Ruef and Marcin Icewall Noga discovered aheap-based buffer overflow vulnerability in the zip_read_mac_metadatafunction in libarchive, a multi-format archive and compression library,which may lead to the execution of arbitrary code if a user or automatedsystem is tricked into processing a specially crafted ZIP file.
- DSA-3572 websvn - security update
Nitin Venkatesh discovered that websvn, a web viewer for Subversionrepositories, is susceptible to cross-site scripting attacks viaspecially crafted file and directory names in repositories.
- DSA-3571 ikiwiki - security update
Simon McVittie discovered a cross-site scripting vulnerability in theerror reporting of Ikiwiki, a wiki compiler. This update also hardensikiwiki's use of imagemagick in the img plugin.
- DSA-3570 mercurial - security update
Blake Burkhart discovered an arbitrary code execution flaw inMercurial, a distributed version control system, when using the convertextension on Git repositories with specially crafted names. This flaw inparticular affects automated code conversion services that allowarbitrary repository names.
- DSA-3569 openafs - security update
Two vulnerabilities were discovered in openafs, an implementation of thedistributed filesystem AFS. The Common Vulnerabilities and Exposuresproject identifies the following problems:
- DSA-3568 libtasn1-6 - security update
Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library tomanage ASN.1 structures, does not correctly handle certain malformed DERcertificates. A remote attacker can take advantage of this flaw to causean application using the Libtasn1 library to hang, resulting in a denialof service.
- DSA-3567 libpam-sshauth - security update
It was discovered that libpam-sshauth, a PAM module to authenticateusing an SSH server, does not correctly handle system users. In certainconfigurations an attacker can take advantage of this flaw to gain rootprivileges.
- DSA-3565 botan1.10 - security update
Several security vulnerabilities were found in botan1.10, a C++library which provides support for many common cryptographicoperations, including encryption, authentication, X.509v3 certificatesand CRLs.
- DSA-3563 poppler - security update
It was discovered that a heap overflow in the Poppler PDF library mayresult in denial of service and potentially the execution of arbitrarycode if a malformed PDF file is opened.
- DSA-3562 tardiff - security update
Several vulnerabilities were discovered in tardiff, a tarball comparisontool. The Common Vulnerabilities and Exposures project identifies thefollowing problems:
- DSA-3561 subversion - security update
Several vulnerabilities were discovered in Subversion, a version controlsystem. The Common Vulnerabilities and Exposures project identifies thefollowing problems:
- DSA-3560 php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scriptinglanguage commonly used for web application development.
- DSA-3559 iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's versionof the Mozilla Firefox web browser: Multiple memory safety errors andbuffer overflows may lead to the execution of arbitrary code or denialof service.