NTLUG

Community

Support

Debian Planet

Debian Security Notices

  • DSA-3028 icedove - security update
    Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

  • DSA-3025 apt - security update
    It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).

  • DSA-3023 bind9 - security update
    Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

  • DSA-3020 acpi-support - security update
    During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment. This could lead to program malfunction or allow a local user to escalate privileges to the root user due to a programming error.

  • DSA-3021 file - security update
    Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.

  • DSA-3019 procmail - security update
    Boris pi Piwinger and Tavis Ormandy reported a heap overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss, or possibly execute arbitrary code.

  • DSA-3018 iceweasel - security update
    Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

  • DSA-3017 php-cas - security update
    Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to a URL, creating a possibility for cross site scripting.

  • DSA-3016 lua5.2 - security update
    A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

  • DSA-3015 lua5.1 - security update
    A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

  • DSA-3014 squid3 - security update
    Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.

  • DSA-3013 s3ql - security update
    Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able to execute arbitrary code.

  • DSA-3012 eglibc - security update
    Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution.

  • DSA-3011 mediawiki - security update
    It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.

  • DSA-3010 python-django - security update
    Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-3009 python-imaging - security update
    Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

  • DSA-3008 php5 - security update
    Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:

  • DSA-3007 cacti - security update
    Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM