Debian Security Notices
- DSA-3322 ruby-rack - security update
Tomek Rabczak from the NCC Group discovered a flaw in the normalize_params() method in Rack, a modular Ruby webserver interface. A remote attacker can use this flaw via specially crafted requests to cause a SystemStackError and potentially cause a denial of service condition for the service.
- DSA-3321 xmltooling - security update
The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data.
- DSA-3320 openafs - security update
It was discovered that OpenAFS, the implementation of the distributed filesystem AFS, contained several flaws that could result in information leak, denial-of-service or kernel panic.
- DSA-3319 bind9 - security update
Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.
- DSA-3318 expat - security update
Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.
- DSA-3317 lxc - security update
Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-3316 openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
- DSA-3311 mariadb-10.0 - security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details:
- DSA-3310 freexl - security update
It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets, may result in denial of service if a malformed Excel file is opened.
- DSA-3309 tidy - security update
Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code.
- DSA-3308 mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
- DSA-3307 pdns-recursor - security update
Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash).
- DSA-3306 pdns - security update
Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash).
- DSA-3304 bind9 - security update
Breno Silveira Soares of Servico Federal de Processamento de Dados (SERPRO) discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminate with an assertion failure, resulting in a denial of service to clients relying on the resolver.
- DSA-3303 cups-filters - security update
It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.
- DSA-3302 libwmf - security update
Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened.
- DSA-3301 haproxy - security update
Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or session.
- DSA-3300 iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vulnerability.
- DSA-3299 stunnel4 - security update
Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as a universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with verify = 2 or higher, then only the initial connection is redirected to the hosts specified with redirect. This allows a remote attacker to bypass authentication.