Debian Security Notices
- DSA-4416 wireshark - security update
It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.
- DSA-4415 passenger - security update
An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.
- DSA-4413 ntfs-3g - security update
A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.
- DSA-4412 drupal7 - security update
It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.
- DSA-4410 openjdk-8 - security update
A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions.
- DSA-4409 neutron - security update
Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multitenant setup.
- DSA-4408 liblivemedia - security update
Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
- DSA-4407 xmltooling - security update
Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.
- DSA-4406 waagent - security update
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.
- DSA-4405 openjpeg2 - security update
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution.
- DSA-4404 chromium - security update
Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.
- DSA-4403 php7.0 - security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF extension had multiple cases of invalid memory access and rename() was implemented insecurely.
- DSA-4402 mumble - security update
It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service.
- DSA-4401 wordpress - security update
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and PHP injection attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash.
- DSA-4399 ikiwiki - security update
Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service.
- DSA-4398 php7.0 - security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record() function.
- DSA-4397 ldb - security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, an LDAP-like embedded database, resulting in denial of service.