


Debian Planet

Debian Security Notices

  • DSA-3077 openjdk-6 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

  • DSA-3076 wireshark - security update
    Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.

  • DSA-3075 drupal7 - security update
    Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:

  • DSA-3074 php5 - security update
    Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

  • DSA-3073 libgcrypt11 - security update
    Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.

  • DSA-3072 file - security update
    Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

  • DSA-3071 nss - security update
    In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.

  • DSA-3069 curl - security update
    Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation.

  • DSA-3065 libxml-security-java - security update
    James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.

  • DSA-3064 php5 - security update
    Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:

  • DSA-3063 quassel - security update
    An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crashes the component, causing a denial of service or disclosure of information from process memory.

  • DSA-3062 wget - security update
    HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows arbitrary files to be created on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override content of the user's files or permit remote code execution with the user's privileges.

  • DSA-3061 icedove - security update
    Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.

  • DSA-3059 dokuwiki - security update
    Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.

  • DSA-3058 torque - security update
    Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.

Debian Forum at

Page last modified on September 14, 2006, at 12:07 AM