Debian Security Notices
- DSA-4972 ghostscript - security update
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "", "" and "" io devices, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
- DSA-4971 ntfs-3g - security update
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation.
- DSA-4970 postorius - security update
Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing.
- DSA-4968 haproxy - security update
Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks.
- DSA-4967 squashfs-tools - security update
Etienne Stalmans discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not validate filenames for traversal outside of the destination directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem if a malformed Squashfs image is processed.
- DSA-4966 gpac - security update
Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code.
- DSA-4965 libssh - security update
It was discovered that a buffer overflow in rekeying in libssh could result in denial of service or potentially the execution of arbitrary code.
- DSA-4964 grilo - security update
Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks.
- DSA-4962 ledgersmb - security update
Several vulnerabilities were discovered in LedgerSMB, a financial accounting and ERP program, which could result in cross-site scripting or clickjacking.
- DSA-4961 tor - security update
Henry de Valence reported a flaw in the signature verification code in Tor, a connection-based low-latency anonymous communication system. A remote attacker can take advantage of this flaw to cause an assertion failure, resulting in denial of service.