NTLUG



Community

Support

Debian Planet

Debian Security Notices

  • DSA-4208 procps - security update
    The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems:


  • DSA-4207 packagekit - security update
    Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.




  • DSA-4204 imagemagick - security update
    This update fixes several vulnerabilities in imagemagick, a graphical software suite. Various memory handling problems or issues about incomplete input sanitizing would result in denial of service or memory disclosure.


  • DSA-4203 vlc - security update
    Hans Jerry Illikainen discovered a type conversion vulnerability in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.


  • DSA-4202 curl - security update
    OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.



  • DSA-4200 kwallet-pam - security update
    Fabian Vogt discovered that incorrect permission handling in the PAM module of the KDE Wallet could allow an unprivileged local user to gain ownership of arbitrary files.


  • DSA-4199 firefox-esr - security update
    Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service.


  • DSA-4198 prosody - security update
    Albert Dengg discovered that incorrect parsing of "stream:error" messages in the Prosody Jabber/XMPP server may result in denial of service.


  • DSA-4197 wavpack - security update
    Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed.



  • DSA-4195 wget - security update
    Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.


  • DSA-4194 lucene-solr - security update
    An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.



  • DSA-4192 libmad - security update
    Several vulnerabilities were discovered in MAD, an MPEG audio decoder library, which could result in denial of service if a malformed audio file is processed.


  • DSA-4191 redmine - security update
    Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks.




  • DSA-4188 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


  • DSA-4187 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.



  • DSA-4185 openjdk-8 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.


  • DSA-4184 sdl-image1.2 - security update
    Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.


  • DSA-4183 tor - security update
    It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception (TROVE-2018-001).



  • DSA-4181 roundcube - security update
    Andrea Basile discovered that the archive plugin in roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize a user-controlled parameter, allowing a remote attacker to inject arbitrary IMAP commands and perform malicious actions.




Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM