Debian Planet

Debian Security Notices

  • DSA-3059 dokuwiki - security update
    Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.

  • DSA-3058 torque - security update
    Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.

  • DSA-3057 libxml2 - security update
    Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660)

  • DSA-3056 libtasn1-3 - security update
    Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference.

  • DSA-3054 mysql-5.5 - security update
    Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

  • DSA-3052 wpa - security update
    Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.

  • DSA-3050 iceweasel - security update
    Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.

  • DSA-3049 wireshark - security update
    Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.

  • DSA-3048 apt - security update
    Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.

  • DSA-3047 rsyslog - security update
    Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution.

  • DSA-3046 mediawiki - security update
    It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.

  • DSA-3042 exuberant-ctags - security update
    Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

Debian Forum at

Page last modified on September 14, 2006, at 12:07 AM