Debian Security Notices
- DSA-3605 libxslt - security update
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library.
- DSA-3602 php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
- DSA-3601 icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.
- DSA-3600 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing.
- DSA-3599 p7zip - security update
Marcin Icewall Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted UDF file is processed.
- DSA-3598 vlc - security update
Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.
- DSA-3596 spice - security update
Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3595 mariadb-10.0 - security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.25. Please see the MariaDB 10.0 Release Notes for further details:
- DSA-3593 libxml2 - security update
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.
- DSA-3592 nginx - security update
It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.
- DSA-3591 imagemagick - security update
Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application.
- DSA-3589 gdk-pixbuf - security update
Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using gdk-pixbuf (application crash), or potentially, to execute arbitrary code with the privileges of the user running the application, if a malformed image is opened.
- DSA-3587 libgd2 - security update
Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.