Debian Security Notices
- DSA-4647 bluez - security update
It was reported that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source.
- DSA-4646 icu - security update
Andre Bargull discovered an integer overflow in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code.
- DSA-4644 tor - security update
A denial of service vulnerability (by triggering high CPU consumption) was found in Tor, a connection-based low-latency anonymous communication system.
- DSA-4643 python-bleach - security update
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when strip=False and math or svg tags and one or more of the RCDATA tags were whitelisted.
- DSA-4640 graphicsmagick - security update
This update fixes several vulnerabilities in Graphicsmagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed.
- DSA-4637 network-manager-ssh - security update
Kobus van Schoor discovered that network-manager-ssh, a plugin to provide VPN integration for SSH in NetworkManager, is prone to a privilege escalation vulnerability. A local user with privileges to modify a connection can take advantage of this flaw to execute arbitrary commands as root.
- DSA-4636 python-bleach - security update
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when noscript and one or more raw text tags were whitelisted.