Debian Security Notices
- DSA-4252 znc - security update
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service.
- DSA-4251 vlc - security update
A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
- DSA-4249 ffmpeg - security update
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
- DSA-4248 blender - security update
Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/renderer. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code.
- DSA-4246 mailman - security update
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.
- DSA-4245 imagemagick - security update
This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising could result in denial of service or the execution of arbitrary code.
- DSA-4244 thunderbird - security update
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
- DSA-4243 cups - security update
Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids:
- DSA-4242 ruby-sprockets - security update
Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.
- DSA-4239 gosa - security update
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.
- DSA-4238 exiv2 - security update
Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.
- DSA-4235 firefox-esr - security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.
- DSA-4234 lava-server - security update
Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call.
- DSA-4233 bouncycastle - security update
It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform less Miller-Rabin primality tests than expected.