Debian Security Notices
- DSA-3919 openjdk-8 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification.
- DSA-3917 catdoc - security update
A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.
- DSA-3916 atril - security update
It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.
- DSA-3915 ruby-mixlib-archive - security update
It was discovered that ruby-mixlib-archive, a Chef Software library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing ".." in its entries.
- DSA-3914 imagemagick - security update
This update fixes several vulnerabilities in imagemagick: various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.
- DSA-3913 apache2 - security update
Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type Digest between successive key=value assignments, leading to information disclosure or denial of service.
- DSA-3912 heimdal - security update
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext (Ticket), rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker can use this flaw to impersonate services to the client.
- DSA-3911 evince - security update
Felix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.
- DSA-3910 knot - security update
Clément Berthaux from Synaktiv discovered a signature forgery vulnerability in knot, an authoritative-only DNS server. This vulnerability allows an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.
- DSA-3909 samba - security update
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in the Samba Kerberos Key Distribution Center (KDC-REP) component and could be used by an attacker on the network path to impersonate a server.
- DSA-3908 nginx - security update
An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.
- DSA-3907 spice - security update
Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol client and server library, which may result in memory disclosure, denial of service and potentially the execution of arbitrary code.
- DSA-3906 undertow - security update
Two vulnerabilities have been discovered in Undertow, a web server written in Java, which may lead to denial of service or HTTP request smuggling.
- DSA-3904 bind9 - security update
Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.
- DSA-3903 tiff - security update
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.
- DSA-3902 jabberd2 - security update
It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration.
- DSA-3901 libgcrypt20 - security update
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024.
- DSA-3899 vlc - security update
Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.