RSS feed: Debian Security
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon.
26 August 2016: Read more about DSA-3654 quagga - security update
Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer() function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources.
25 August 2016: Read more about DSA-3653 flex - security update
This update fixes many vulnerabilities in imagemagick: various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.
25 August 2016: Read more about DSA-3652 imagemagick - security update
Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as HTML safe will not have quotes escaped when used as attribute values in tag helpers.
25 August 2016: Read more about DSA-3651 rails - security update
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
17 August 2016: Read more about DSA-3650 libgcrypt20 - security update
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
17 August 2016: Read more about DSA-3649 gnupg - security update
Multiple vulnerabilities were discovered in the dissectors for NDS, PacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlow, which could result in denial of service or the execution of arbitrary code.
12 August 2016: Read more about DSA-3648 wireshark - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.
11 August 2016: Read more about DSA-3647 icedove - security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
11 August 2016: Read more about DSA-3646 postgresql-9.4 - security update
Several vulnerabilities have been discovered in the chromium web browser.
9 August 2016: Read more about DSA-3645 chromium-browser - security update
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.
8 August 2016: Read more about DSA-3644 fontconfig - security update
Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive.
6 August 2016: Read more about DSA-3643 kde4libs - security update
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or initiate connections to arbitrary hosts.
5 August 2016: Read more about DSA-3642 lighttpd - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service.
4 August 2016: Read more about DSA-3641 openjdk-7 - security update
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy.
3 August 2016: Read more about DSA-3640 firefox-esr - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service.
3 August 2016: Read more about DSA-3639 wordpress - security update
Several vulnerabilities were discovered in cURL, a URL transfer library:
3 August 2016: Read more about DSA-3638 curl - security update
Several vulnerabilities have been discovered in the chromium web browser.
31 July 2016: Read more about DSA-3637 chromium-browser - security update
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code.
30 July 2016: Read more about DSA-3636 collectd - security update
It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions.
30 July 2016: Read more about DSA-3634 redis - security update
Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.
29 July 2016: Read more about DSA-3635 libdbd-mysql-perl - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
27 July 2016: Read more about DSA-3633 xen - security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details:
27 July 2016: Read more about DSA-3632 mariadb-10.0 - security update