Debian Security Notices
- DSA-4609 python-apt - security update
Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.
- DSA-4607 openconnect - security update
Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate) can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.
- DSA-4605 openjdk-11 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
- DSA-4604 cacti - security update
Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.
- DSA-4602 xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.
- DSA-4601 ldm - security update
It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation.
- DSA-4600 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.
- DSA-4599 wordpress - security update
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.
- DSA-4598 python-django - security update
Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retrieve password reset tokens and hijack accounts.
- DSA-4597 netty - security update
It was reported that Netty, a Java NIO client/server framework, is prone to an HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers.
- DSA-4596 tomcat8 - security update
Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.
- DSA-4595 debian-lan-config - security update
It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.