NTLUG | Debian / Debian browse

<< Mandriva | Distributions | Gentoo >>

On this page... (hide)

Community
Support
Debian Planet
Debian Security Notices
Debian Forum at linuxquestions.org

Community

Support

Debian Planet

Error: It's not possible to reach RSS file http://planet.debian.net/rss20.xml ...

Debian Security Notices

DSA-5734-1 bind9 - security update
Several vulnerabilities were discovered in BIND, a DNS serverimplementation, which may result in denial of service.
To mitigate CVE-2024-1737 two new configuration statements have beenadded to allow operators of secondary servers and recursive resolvers toset an upper bound on the growth of data in their zones or caches.Details can be found at: https://kb.isc.org/docs/rrset-limits-in-zones
https://security-tracker.debian.org/tracker/DSA-5734-1

DSA-5733-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which couldpotentially result in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5733-1

DSA-5732-1 chromium - security update
Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5732-1

DSA-5731-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a privilege escalation, denial of service or informationleaks.
https://security-tracker.debian.org/tracker/DSA-5731-1

DSA-5730-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a privilege escalation, denial of service or informationleaks.
https://security-tracker.debian.org/tracker/DSA-5730-1

DSA-5729-1 apache2 - security update
Multiple vulnerabilities have been discovered in the Apache HTTP server,which may result in authentication bypass, execution of scripts indirectories not directly reachable by any URL, server-side requestforgery or denial of service.
https://security-tracker.debian.org/tracker/DSA-5729-1

DSA-5728-1 exim4 - security update
Phillip Szelat discovered that Exim, a mail transport agent, does notproperly parse a multiline RFC 2231 header filename, allowing a remoteattacker to bypass a $mime_filename based extension-blocking protectionmechanism.
https://security-tracker.debian.org/tracker/DSA-5728-1

DSA-5727-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode or privilege escalation.
https://security-tracker.debian.org/tracker/DSA-5727-1

DSA-5726-1 krb5 - security update
Two vulnerabilities were discovered in the GSS message token handling inkrb5, the MIT implementation of Kerberos. An attacker can take advantageof these flaws to bypass integrity protections or cause a denial ofservice.
https://security-tracker.debian.org/tracker/DSA-5726-1

DSA-5725-1 znc - security update
Johannes Kuhn discovered that messages and channel names are notproperly escaped in the modtcl module in ZNC, a IRC bouncer, which couldresult in remote code execution via specially crafted messages.
https://security-tracker.debian.org/tracker/DSA-5725-1

DSA-5724-1 openssh - security update
The Qualys Threat Research Unit (TRU) discovered that OpenSSH, animplementation of the SSH protocol suite, is prone to a signal handlerrace condition. If a client does not authenticate within LoginGraceTimeseconds (120 by default), then sshd's SIGALRM handler is calledasynchronously and calls various functions that are notasync-signal-safe. A remote unauthenticated attacker can take advantageof this flaw to execute arbitrary code with root privileges. This flawaffects sshd in its default configuration.
Details can be found in the Qualys advisory athttps://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://security-tracker.debian.org/tracker/DSA-5724-1

DSA-5723-1 plasma-workspace - security update
Fabian Vogt discovered that the KDE session management serverinsufficiently restricted ICE connections from localhost, which couldallow a local attacker to execute arbitrary code as another user onnext boot.
https://security-tracker.debian.org/tracker/DSA-5723-1

DSA-5722-1 libvpx - security update
It was discovered that multiple integer overflows in libvpx, amultimedia library for the VP8 and VP9 video codecs, may result indenial of service and potentially the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5722-1

DSA-5721-1 ffmpeg - security update
Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed.
https://security-tracker.debian.org/tracker/DSA-5721-1

DSA-5720-1 chromium - security update
Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5720-1

DSA-5719-1 emacs - security update
It was discovered that Emacs is prone to arbitrary shell code evaluationwhen opening a specially crafted Org file.
This update includes updates pending for the upcoming point releasesincluding other security fixes.
https://security-tracker.debian.org/tracker/DSA-5719-1

DSA-5718-1 org-mode - security update
It was discovered that Org Mode for Emacs is prone to arbitrary shellcode evaluation when opening a specially crafted Org file.
This update includes updates pending for the upcoming point releasesincluding other security fixes.
https://security-tracker.debian.org/tracker/DSA-5718-1

DSA-5715-2 composer - regression update
The update for composer released as DSA 5715 introduced a regressionin the handling of git feature branches. Updated composer packagesare now available to address this issue.
https://security-tracker.debian.org/tracker/DSA-5715-2

DSA-5717-1 php8.2 - security update
It was discovered that user validation was incorrectly implementedfor filter_var(FILTER_VALIDATE_URL).
https://security-tracker.debian.org/tracker/DSA-5717-1

DSA-5716-1 chromium - security update
Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5716-1

DSA-5715-1 composer - security update
Two vulnerabilities have been discovered in Composer, a dependencymanager for PHP, which could result in arbitrary command execution byoperating on malicious git/hg repositories.
https://security-tracker.debian.org/tracker/DSA-5715-1

DSA-5714-1 roundcube - security update
Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike,discovered that roundcube, a skinnable AJAX based webmail solution forIMAP servers, did not correctly process and sanitize requests. Thiswould allow an attacker to perform Cross-Side Scripting (XSS) attacks.
https://security-tracker.debian.org/tracker/DSA-5714-1

DSA-5713-1 libndp - security update
A buffer overflow was discovered in libndp, a library implementing theIPv6 Neighbor Discovery Protocol (NDP), which could result in denial ofservice or potentially the execution of arbitrary code if malformedIPv6 router advertisements are processed.
https://security-tracker.debian.org/tracker/DSA-5713-1

DSA-5712-1 ffmpeg - security update
Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed.
https://security-tracker.debian.org/tracker/DSA-5712-1

DSA-5711-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which couldresult inthe execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5711-1

DSA-5710-1 chromium - security update
Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5710-1

DSA-5709-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, the bypass of sandbox restrictions or an information leak.
https://security-tracker.debian.org/tracker/DSA-5709-1

DSA-5708-1 cyrus-imapd - security update
Damian Poddebniak discovered that the Cyrus IMAP server didn't restrictmemory allocation for some command arguments which may result in denialof service. This update backports new config directives which allow toconfigure limits, additional details can be found at:
https://www.cyrusimap.org/3.6/imap/download/release-notes/3.6/x/3.6.5.html
These changes are too intrusive to be backported to the version ofCyrus in the oldstable distribution (bullseye). If the IMAP server is usedby untrusted users an update to Debian stable/bookworm is recommended.In addition the version of cyrus-imapd in bullseye-backports will beupdated with a patch soon.
https://security-tracker.debian.org/tracker/DSA-5708-1

DSA-5707-1 vlc - security update
A buffer overflow was discovered in the MMS module of the VLC mediaplayer.
https://security-tracker.debian.org/tracker/DSA-5707-1

DSA-5706-1 libarchive - security update
An integer overflow vulnerability in the rar e8 filter was discovered inlibarchive, a multi-format archive and compression library, which mayresult in the execution of arbitrary code if a specially crafted RARarchive is processed.
https://security-tracker.debian.org/tracker/DSA-5706-1

Community

Support

Debian Planet

Debian Security Notices

Debian Forum at linuxquestions.org