1825 Monetary Lane Suite #104 Carrollton, TX
Debian Security Notices
- DSA-4298 hylafax - security update
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message.
- DSA-4297 chromium-browser - security update
Two vulnerabilities have been discovered in the chromium web browser. Kevin Cheung discovered an error in the WebAssembly implementation and evil1m0 discovered a URL spoofing issue.
- DSA-4296 mbedtls - security update
Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library, which could result in plain text recovery via side-channel attacks.
- DSA-4295 thunderbird - security update
Multiple security issues have been found in Thunderbird: multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
- DSA-4294 ghostscript - security update
Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed PostScript file is processed (despite the dSAFER sandbox being enabled).
- DSA-4293 discount - security update
Several heap buffer overflows were found in discount, an implementation of the Markdown markup language, that could be triggered with specially crafted Markdown data and would cause discount to read past the end of internal buffers.
- DSA-4292 kamailio - security update
Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.
- DSA-4291 mgetty - security update
Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in job ids and have them executed with the privileges of the faxrunq/faxq user.
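The mgetty entry describes the classic shell-metacharacter injection: an attacker-controlled string (here a job id) is pasted into a command line that ends up in /bin/sh, so `;`, `$(...)` or backticks turn a file name into extra commands. The following is an added example and not mgetty's code; the spool directory, the "rm -f" housekeeping command and the job id format are hypothetical. It shows the vulnerable construction next to the usual fix: allowlist the id, then exec the program directly with an argv array so no shell ever parses it.

```c
/* Added example: the shell-metacharacter injection class the mgetty advisory
 * describes, and the usual fix. This is not mgetty's code; the spool path,
 * the "rm -f" housekeeping command and the id format are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define SPOOL_DIR "/var/spool/fax/outgoing"   /* hypothetical spool location */

/* Vulnerable pattern: the job id is pasted into a command line that would be
 * handed to /bin/sh via system(). Only builds the string so it can be inspected. */
void build_shell_command(const char *jobid, char *out, size_t outlen)
{
    snprintf(out, outlen, "rm -f " SPOOL_DIR "/%s", jobid);
}

/* 1 if the part of the command derived from jobid contains characters /bin/sh
 * would interpret (separators, substitution, redirection, quoting), i.e. the
 * id would run as more than a file name. */
int shell_command_has_metachars(const char *jobid)
{
    char cmd[512];
    build_shell_command(jobid, cmd, sizeof cmd);
    const char *tail = cmd + strlen("rm -f " SPOOL_DIR "/");
    return strpbrk(tail, ";|&$`()<>\n'\"\\ ") != NULL;
}

/* Allowlist: [A-Za-z0-9._-], 1..64 chars, not starting with '-' (rm would read
 * it as an option) or '.' (hidden files, "..", path escape). */
int job_id_is_safe(const char *jobid)
{
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t len = strlen(jobid);
    if (len == 0 || len > 64) return 0;
    if (jobid[0] == '-' || jobid[0] == '.') return 0;
    return strspn(jobid, allowed) == len;
}

/* Hardened form: validate, then exec /bin/rm directly with an argv array so no
 * shell ever parses the id. Returns rm's exit status, or -1 if the id is
 * refused or the child cannot be run. */
int remove_job_file(const char *jobid)
{
    char path[300];
    if (!job_id_is_safe(jobid)) return -1;
    snprintf(path, sizeof path, SPOOL_DIR "/%s", jobid);

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "rm", "-f", path, NULL };
        execv("/bin/rm", argv);
        _exit(127);                     /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[512];
    const char *hostile = "F0001;id>/tmp/pwned";   /* constructed hostile job id */
    build_shell_command(hostile, cmd, sizeof cmd);
    printf("system() would run: %s\n", cmd);
    printf("job_id_is_safe(\"%s\") = %d\n", hostile, job_id_is_safe(hostile));
    printf("remove_job_file(hostile) = %d (refused)\n", remove_job_file(hostile));
    return 0;
}
```

The allowlist is deliberately stricter than "reject the metacharacters I can think of": a denylist misses the next quoting trick, and the leading '-' rule closes option injection, which no shell is involved in at all.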
- DSA-4290 libextractor - security update
Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
- DSA-4288 ghostscript - security update
Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed PostScript file is processed (despite the dSAFER sandbox being enabled).
- DSA-4287 firefox-esr - security update
Several security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
- DSA-4286 curl - security update
Zhaoyang Wu discovered that cURL, a URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32-bit systems.
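A bound of "more than 2GB, 32-bit only" is the signature of an allocation size computed as length times two overflowing a 32-bit size_t: once the length reaches 2^31 the product wraps, the buffer comes out smaller than the input, and the copy that follows writes past it. The example below is added here and is not curl's code; it does not reproduce curl's NTLM routine but models that arithmetic with uint32_t standing in for a 32-bit size_t so the wrap is reproducible on any host. The UTF-16LE widening (two output bytes per input byte) is the standard reason NTLM code doubles the password length; the function names are this example's own.

```c
/* Added example: the 32-bit "length times two" wrap behind the curl advisory's
 * 2GB bound, and a checked version. This is not curl's code and does not
 * reproduce its NTLM routine; size_t is modelled as uint32_t so the arithmetic
 * behaves like a 32-bit build on any host. */
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>

/* Unchecked: NTLM hashes the UTF-16LE form of the password, so a converter
 * needs two output bytes per input byte. Once len >= 2^31 (2 GB) the product
 * wraps modulo 2^32 and comes out smaller than len itself. */
uint32_t utf16le_size_unchecked(uint32_t len)
{
    return len * 2u;
}

/* Checked: refuse before multiplying if the product cannot fit. */
bool utf16le_size_checked(uint32_t len, uint32_t *out)
{
    if (len > UINT32_MAX / 2u) return false;
    *out = len * 2u;
    return true;
}

/* Same check as a plain value: the size, or UINT32_MAX when refused. */
uint32_t utf16le_size_or_max(uint32_t len)
{
    uint32_t out;
    return utf16le_size_checked(len, &out) ? out : UINT32_MAX;
}

/* Widen a byte string to UTF-16LE (each byte b becomes b, 0x00; enough for the
 * ASCII passwords this demo uses). Returns NULL rather than ever allocating an
 * undersized buffer. Caller frees. */
unsigned char *widen_to_utf16le(const unsigned char *in, uint32_t len, uint32_t *outlen)
{
    uint32_t need;
    if (!utf16le_size_checked(len, &need)) return NULL;
    unsigned char *buf = malloc(need ? need : 1u);
    if (!buf) return NULL;
    for (uint32_t i = 0; i < len; i++) {
        buf[2u * i]     = in[i];
        buf[2u * i + 1] = 0x00;
    }
    *outlen = need;
    return buf;
}

/* 1 if widening the constructed input "abc" gives the six expected bytes. */
int widen_selfcheck(void)
{
    static const unsigned char in[] = { 'a', 'b', 'c' };
    static const unsigned char expect[] = { 'a', 0, 'b', 0, 'c', 0 };
    uint32_t outlen = 0;
    unsigned char *out = widen_to_utf16le(in, 3u, &outlen);
    int ok = out != NULL && outlen == 6u;
    for (uint32_t i = 0; ok && i < 6u; i++) ok = out[i] == expect[i];
    free(out);
    return ok;
}

int main(void)
{
    uint32_t len = 0x80000000u;   /* exactly 2 GB of password bytes */
    printf("unchecked size for 2GB input: %u (wrapped)\n",
           (unsigned)utf16le_size_unchecked(len));
    printf("checked size for 2GB input:   %s\n",
           utf16le_size_or_max(len) == UINT32_MAX ? "refused" : "accepted");
    printf("widen_selfcheck: %d\n", widen_selfcheck());
    return 0;
}
```

On a 64-bit build the same multiplication does not wrap for any input that fits in memory, which is why the advisory scopes the bug to 32-bit systems; the checked form costs one comparison and is correct on both.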
- DSA-4285 sympa - security update
Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. List owners and listmasters could use this flaw to create or modify arbitrary files on the server with the privileges of the sympa user, or owners could view list config files even if edit_list.conf prohibits it.
- DSA-4284 lcms2 - security update
Quang Nguyen discovered an integer overflow in the Little CMS 2 colour management library, which could result in denial of service and potentially the execution of arbitrary code if a malformed IT8 calibration file is processed.
- DSA-4282 trafficserver - security update
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, cache poisoning or information disclosure.
- DSA-4281 tomcat8 - security update
Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial of service, or information leaks.
- DSA-4280 openssh - security update
Dariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server.