NTLUG



Community

Support

Debian Planet


Debian Security Notices


  • DSA-4368 zeromq3 - security update
    Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a lightweight messaging kernel, could result in the execution of arbitrary code.


  • DSA-4367 systemd - security update
    The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocations using the alloca function (CVE-2018-16864, CVE-2018-16865) and an out-of-bounds read flaw leading to an information leak (CVE-2018-16866), could allow an attacker to cause a denial of service or the execution of arbitrary code.



  • DSA-4365 tmpreaper - security update
    Stephen Roettger discovered a race condition in tmpreaper, a program that cleans up files in directories based on their age, which could result in local privilege escalation.


  • DSA-4364 ruby-loofah - security update
    It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.




  • DSA-4361 libextractor - security update
    Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or memory disclosure if a malformed OLE file is processed.


  • DSA-4360 libarchive - security update
    Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.


  • DSA-4359 wireshark - security update
    Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code.


  • DSA-4358 ruby-sanitize - security update
    The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML injection vulnerability. A specially crafted HTML fragment can cause to allow non whitelisted attributes to be used on a whitelisted HTML element.


  • DSA-4357 libapache-mod-jk - security update
    Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading mod_jk to the new upstream version 1.2.46, which includes additional changes.


  • DSA-4356 netatalk - security update
    Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protocol Suite, allowing an unauthenticated user to execute arbitrary code with root privileges.


  • DSA-4355 openssl1.0 - security update
    Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM