NTLUG



Community

Support

Debian Planet

Debian Security Notices

  • DSA-4090 wordpress - security update
    Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks, as well as bypass some access restrictions.


  • DSA-4089 bind9 - security update
    Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named.


  • DSA-4088 gdk-pixbuf - security update
    It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened.


  • DSA-4087 transmission - security update
    Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface(s) may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.


  • DSA-4086 libxml2 - security update
    Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation.




  • DSA-4083 poco - security update
    Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.


  • DSA-4082 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.




  • DSA-4079 poppler - security update
    Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.


  • DSA-4078 linux - security update
    Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.


  • DSA-4077 gimp - security update
    Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed files are opened.


  • DSA-4076 asterisk - security update
    Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code.


  • DSA-4075 thunderbird - security update
    Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender's email addresses.


  • DSA-4074 imagemagick - security update
    This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.


  • DSA-4073 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


  • DSA-4072 bouncycastle - security update
    Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys.


  • DSA-4071 sensible-utils - security update
    Gabriel Corona reported that sensible-browser from sensible-utils, a collection of small utilities used to sensibly select and spawn an appropriate browser, editor or pager, does not validate strings before launching the program specified by the BROWSER environment variable, potentially allowing a remote attacker to conduct argument-injection attacks if a user is tricked into processing a specially crafted URL.



  • DSA-4069 otrs2 - security update
    Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent's session if the agent is tricked into clicking a link in a specially crafted mail.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 12:07 AM