Debian Security Notices
- DSA-2667 mysql-5.5 - several vulnerabilities
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.31, which includes additional changes, such as performance improvements and corrections for data loss defects.
- DSA-2664 stunnel4 - buffer overflow
Stunnel, a program designed to work as a universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager (NTLM) authentication (protocolAuthentication = NTLM) together with the connect protocol method (protocol = connect). With these prerequisites and using stunnel4 in SSL client mode (client = yes) on a 64-bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the TCP session between stunnel and the proxy server.
- DSA-2660 curl - exposure of sensitive information
Yamada Yasuharu discovered that cURL, a URL transfer library, could expose potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain ample.com could accidentally also be sent by libcurl when communicating with example.com.
- DSA-2661 xorg-server - information disclosure
David Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the X.Org X server, was vulnerable to an information disclosure flaw related to input handling and device hotplug.