Debian Security Notices
- DSA-3054 mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
- DSA-3052 wpa - security update
Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
- DSA-3050 iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.
- DSA-3049 wireshark - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.
- DSA-3048 apt - security update
Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.
- DSA-3047 rsyslog - security update
Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution.
- DSA-3046 mediawiki - security update
- DSA-3042 exuberant-ctags - security update
- DSA-3041 xen - security update
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.
- DSA-3040 rsyslog - security update
Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.
- DSA-3038 libvirt - security update
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3037 icedove - security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
- DSA-3035 bash - security update
Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.
- DSA-3034 iceweasel - security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
- DSA-3033 nss - security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
- DSA-3032 bash - security update
Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.