NTLUG | Debian / Debian browse

NTLUG

Linux is free.
Life is good.

Introducing Ubuntu Phone

Linux Training
10am on Meeting Days!

MEETING LOCATION

1825 Monetary Lane Suite #104 Carrollton, TX

PRESENTERS

Do a presentation at NTLUG.

LIP

What is the Linux Installation Project?

BUSINESS ON PARADE

Real companies using Linux!

LINUX GAMES

Not just for business anymore.

DISTRIBUTIONS

Providing ready to run platforms on Linux

<< Mandriva | Distributions | Gentoo >>

On this page... (hide)

Community
Support
Debian Planet
Debian Security Notices
Debian Forum at linuxquestions.org

Community

Support

Debian Planet

Error: It's not possible to reach RSS file http://planet.debian.net/rss20.xml ...

Debian Security Notices

DSA-4913 hivex - security update
Jeremy Galindo discovered an out-of-bounds memory access in Hivex, alibrary to parse Windows Registry hive files.

DSA-4912 exim4 - security update
The Qualys Research Labs reported several vulnerabilities in Exim, amail transport agent, which could result in local privilege escalationand remote code execution.

DSA-4911 chromium - security update
Several vulnerabilities have been discovered in the chromium web browser.

DSA-4910 libimage-exiftool-perl - security update
A vulnerability was discovered in libimage-exiftool-perl, a library andprogram to read and write meta information in multimedia files, whichmay result in execution of arbitrary code if a malformed DjVu file isprocessed.

DSA-4909 bind9 - security update
Several vulnerabilities were discovered in BIND, a DNS serverimplementation.

DSA-4908 libhibernate3-java - security update
It was discovered that libhibernate3-java, a powerful, high performanceobject/relational persistence and query service, is prone to an SQLinjection vulnerability allowing an attacker to access unauthorizedinformation or possibly conduct further attacks.

DSA-4907 composer - security update
It was discovered that composer, a dependency manager for PHP, did notproperly sanitize Mercurial URLs, which could lead to arbitrary codeexecution.

DSA-4906 chromium - security update
Several vulnerabilities have been discovered in the chromium web browser.

DSA-4905 shibboleth-sp - security update
It was discovered that the Shibboleth Service Provider is prone to aNULL pointer dereference flaw in the cookie-based session recoveryfeature. A remote, unauthenticated attacker can take advantage of thisflaw to cause a denial of service (crash in the shibd daemon/service).

DSA-4904 gst-plugins-ugly1.0 - security update
Multiple vulnerabilities were discovered in plugins for the GStreamermedia framework, which may result in denial of service or potentiallythe execution of arbitrary code if a malformed media file is opened.

DSA-4903 gst-plugins-base1.0 - security update
Multiple vulnerabilities were discovered in plugins for the GStreamermedia framework, which may result in denial of service or potentiallythe execution of arbitrary code if a malformed media file is opened.

DSA-4902 gst-plugins-bad1.0 - security update
Multiple vulnerabilities were discovered in plugins for the GStreamermedia framework, which may result in denial of service or potentiallythe execution of arbitrary code if a malformed media file is opened.

DSA-4901 gst-libav1.0 - security update
Multiple vulnerabilities were discovered in plugins for the GStreamermedia framework, which may result in denial of service or potentiallythe execution of arbitrary code if a malformed media file is opened.

DSA-4900 gst-plugins-good1.0 - security update
Multiple vulnerabilities were discovered in plugins for the GStreamermedia framework, which may result in denial of service or potentiallythe execution of arbitrary code if a malformed media file is opened.

DSA-4899 openjdk-11 - security update
It was discovered that the OpenJDK Java platform incompletely enforcedconfiguration settings used in Jar signing verifications.

DSA-4898 wpa - security update
Several vulnerabilities have been discovered in wpa_supplicant andhostapd.

DSA-4897 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which couldresult in the execution of arbitrary code or information disclosure.In addition a number of security issues were addressed in the OpenPGPsupport.

DSA-4896 wordpress - security update
Several vulnerabilities were discovered in Wordpress, a web bloggingtool. They allowed remote attackers to perform XML External Entity(XXE) attacks, and access private content.

DSA-4895 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, information disclosure, privilege escalation or spoofing.

DSA-4894 php-pear - security update
It was discovered that the PEAR Archive_Tar package for handling tarfiles in PHP is prone to a directory traversal flaw due to inadequatechecking of symbolic links.

DSA-4893 xorg-server - security update
Jan-Niklas Sohn discovered that missing input sanitising in the XInputextension of the X.org X server may result in privilege escalation ifthe X server is running privileged.

DSA-4892 python-bleach - security update
It was reported that python-bleach, a whitelist-based HTML-sanitizinglibrary, is prone to a mutation XSS vulnerability in bleach.clean whensvg or math are in the allowed tags, 'p' or br are in allowedtags, style, title, noscript, script, textarea, noframes,iframe, or xmp are in allowed tags and 'strip_comments=False' isset.

DSA-4891 tomcat9 - security update
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine,which could result in information disclosure or denial of service.

DSA-4890 ruby-kramdown - security update
Stan Hu discovered that kramdown, a pure Ruby Markdown parser andconverter, performed insufficient namespace validation of Rouge syntaxhighlighting formatters.

Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM