NTLUG



Community

Support

Debian Planet


Debian Security Notices


  • DSA-4912 exim4 - security update
    The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.



  • DSA-4910 libimage-exiftool-perl - security update
    A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.



  • DSA-4908 libhibernate3-java - security update
    It was discovered that libhibernate3-java, a powerful, high performance object/relational persistence and query service, is prone to an SQL injection vulnerability allowing an attacker to access unauthorized information or possibly conduct further attacks.


  • DSA-4907 composer - security update
    It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution.



  • DSA-4905 shibboleth-sp - security update
    It was discovered that the Shibboleth Service Provider is prone to a NULL pointer dereference flaw in the cookie-based session recovery feature. A remote, unauthenticated attacker can take advantage of this flaw to cause a denial of service (crash in the shibd daemon/service).


  • DSA-4904 gst-plugins-ugly1.0 - security update
    Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.


  • DSA-4903 gst-plugins-base1.0 - security update
    Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.


  • DSA-4902 gst-plugins-bad1.0 - security update
    Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.


  • DSA-4901 gst-libav1.0 - security update
    Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.


  • DSA-4900 gst-plugins-good1.0 - security update
    Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.




  • DSA-4897 thunderbird - security update
    Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In addition a number of security issues were addressed in the OpenPGP support.


  • DSA-4896 wordpress - security update
    Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform XML External Entity (XXE) attacks, and access private content.


  • DSA-4895 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, privilege escalation or spoofing.


  • DSA-4894 php-pear - security update
    It was discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a directory traversal flaw due to inadequate checking of symbolic links.


  • DSA-4893 xorg-server - security update
    Jan-Niklas Sohn discovered that missing input sanitising in the XInput extension of the X.org X server may result in privilege escalation if the X server is running privileged.


  • DSA-4892 python-bleach - security update
    It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when svg or math are in the allowed tags, 'p' or br are in allowed tags, style, title, noscript, script, textarea, noframes, iframe, or xmp are in allowed tags and 'strip_comments=False' is set.


  • DSA-4891 tomcat9 - security update
    Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service.


  • DSA-4890 ruby-kramdown - security update
    Stan Hu discovered that kramdown, a pure Ruby Markdown parser and converter, performed insufficient namespace validation of Rouge syntax highlighting formatters.


Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM