|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
<< Mandriva | Distributions | Gentoo >>
Community
Support
|
Debian Planet
|
Debian Security Notices
- DSA-5380 xorg-server - security update
Jan-Niklas Sohn discovered that a user-after-free flaw in the Compositeextension of the X.org X server may result in privilege escalation ifthe X server is running under the root user.
- DSA-5379 dino-im - security update
Kim Alvefur discovered that insufficient message sender validation indino-im, a modern XMPP/Jabber client, may result in manipulation ofentries in the personal bookmark store without user interaction via aspecially crafted message. Additionally an attacker can take advantageof this flaw to change how group chats are displayed or force a user tojoin or leave an attacker-selected groupchat.
- DSA-5378 xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor,which could result in privilege escalation, denial of service orinformation leaks.
- DSA-5377 chromium - security update
Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
- DSA-5376 apache2 - security update
Multiple vulnerabilities have been discovered in the Apache HTTP server,which may result in HTTP response splitting or denial of service.
- DSA-5374 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefoxweb browser, which could potentially result in the executionof arbitrary code or spoofing.
- DSA-5373 node-sqlite3 - security update
Dave McDaniel discovered that the SQLite3 bindings for Node.js weresusceptible to the execution of arbitrary JavaScript code if a bindingparameter is a crafted object.
- DSA-5372 rails - security update
Multiple vulnerabilities were discovered in rails, the Ruby based server-sideMVC web application framework, which could result in XSS, data disclosureand open redirect.
- DSA-5371 chromium - security update
Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
- DSA-5370 apr - security update
Ronald Crane discovered that missing input sanitizing in the apr_encodefunctions of apr, the Apache Portable Runtime library, may result indenial of service or potentially the execution of arbitrary code.
- DSA-5369 syslog-ng - security update
It was discovered that an integer overflow in the RFC3164 parser ofsyslog-ng, a system logging daemon, may result in denial of servicevia malformed syslog messages.
- DSA-5368 libreswan - security update
It was discovered that the libreswan IPsec implementation could beforced into a crash/restart via malformed IKEv2 packets after peerauthentication, resulting in denial of service.
- DSA-5365 curl - security update
Patrick Monnerat discovered that Curl's support for chained HTTPcompression algorithms was susceptible to denial of service.
|
