NTLUG



Community

Support

Debian Planet


Debian Security Notices

  • DSA-4838 mutt - security update
    Tavis Ormandy discovered a memory leak flaw in the rfc822 group recipient parsing in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which could result in denial of service.


  • DSA-4837 salt - security update
    Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH client.


  • DSA-4836 openvswitch - security update
    Two vulnerabilities were discovered in the LLDP implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service.



  • DSA-4834 vlc - security update
    Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed media file is opened.



  • DSA-4832 chromium - security update
    Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.


  • DSA-4831 ruby-redcarpet - security update
    Johan Smits discovered that ruby-redcarpet, a markdown parser, did not properly validate its input. This would allow an attacker to mount a cross-site scripting attack.


  • DSA-4830 flatpak - security update
    Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).


  • DSA-4829 coturn - security update
    A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses (127.x.x.x and ::1). A remote attacker can bypass the protection via a specially crafted request using a peer address of 0.0.0.0 and trick coturn into relaying to the loopback interface. If listening on IPv6 the loopback interface can also be reached by using either [::1] or [::] as the address.


  • DSA-4828 libxstream-java - security update
    Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling.



  • DSA-4826 nodejs - security update
    Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code or HTTP request smuggling.



  • DSA-4824 chromium - security update
    Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.


  • DSA-4823 influxdb - security update
    It was discovered that incorrect validation of JWT tokens in InfluxDB, a time series, metrics, and analytics database, could result in authentication bypass.


  • DSA-4822 p11-kit - security update
    David Cook reported several memory safety issues affecting the RPC protocol in p11-kit, a library providing a way to load and enumerate PKCS#11 modules.


  • DSA-4821 roundcube - security update
    Alex Birnberg discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling HTML or Plain text messages with malicious content.



Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM