Debian Security Notices
- DSA-4368 zeromq3 - security update
Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a lightweight messaging kernel, could result in the execution of arbitrary code.
- DSA-4367 systemd - security update
The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocations using the alloca function (CVE-2018-16864, CVE-2018-16865) and an out-of-bounds read flaw leading to an information leak (CVE-2018-16866), could allow an attacker to cause a denial of service or the execution of arbitrary code.
- DSA-4365 tmpreaper - security update
Stephen Roettger discovered a race condition in tmpreaper, a program that cleans up files in directories based on their age, which could result in local privilege escalation.
- DSA-4364 ruby-loofah - security update
It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.
- DSA-4361 libextractor - security update
Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or memory disclosure if a malformed OLE file is processed.
- DSA-4360 libarchive - security update
Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.
- DSA-4359 wireshark - security update
Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code.
- DSA-4358 ruby-sanitize - security update
The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML injection vulnerability. A specially crafted HTML fragment can cause non-whitelisted attributes to be allowed on a whitelisted HTML element.
- DSA-4357 libapache-mod-jk - security update
Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading mod_jk to the new upstream version 1.2.46, which includes additional changes.
- DSA-4356 netatalk - security update
Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protocol Suite, allowing an unauthenticated user to execute arbitrary code with root privileges.
- DSA-4355 openssl1.0 - security update
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.