Debian Security RSS feed
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
Hanno Boeck discovered that incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service.
2 September 2015: read more about DSA-3350 bind9 - security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
2 September 2015: read more about DSA-3349 qemu-kvm - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator.
2 September 2015: read more about DSA-3348 qemu - security update
Pyry Hakulinen and Ashish Shakla at Automattic discovered that pdns, an authoritative DNS server, was incorrectly processing some DNS packets; this would enable a remote attacker to trigger a DoS by sending specially crafted packets causing the server to crash.
2 September 2015: read more about DSA-3347 pdns - security update
Several vulnerabilities were discovered in Drupal, a content management framework:
31 August 2015: read more about DSA-3346 drupal7 - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
29 August 2015: read more about DSA-3345 iceweasel - security update
Multiple vulnerabilities have been discovered in the PHP language:
27 August 2015: read more about DSA-3344 php5 - security update
James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.
26 August 2015: read more about DSA-3343 twig - security update
Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.
20 August 2015: read more about DSA-3342 vlc - security update
It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.
20 August 2015: read more about DSA-3341 conntrack - security update
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.
19 August 2015: read more about DSA-3340 zendframework - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
19 August 2015: read more about DSA-3339 openjdk-6 - security update
Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users' session records to be evicted.
18 August 2015: read more about DSA-3338 python-django - security update
Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.
18 August 2015: read more about DSA-3337 gdk-pixbuf - security update
Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems:
17 August 2015: read more about DSA-3336 nss - security update
13 August 2015: read more about DSA-3335 request-tracker4 - security update
Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash resulting in a denial of service.
12 August 2015: read more about DSA-3334 gnutls28 - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service.
12 August 2015: read more about DSA-3333 iceweasel - security update
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine.
11 August 2015: read more about DSA-3332 wordpress - security update
Several security issues have been found in the server components of the version control system subversion.
10 August 2015: read more about DSA-3331 subversion - security update
It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command.
7 August 2015: read more about DSA-3330 activemq - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
7 August 2015: read more about DSA-3329 linux - security update
Several vulnerabilities have been found in Wordpress, the popular blogging engine.
4 August 2015: read more about DSA-3328 wordpress - security update