RSS Feed: Debian Security
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.
24 March 2017: read more about DSA-3817 jbig2dec - security update
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, an SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a share definition.
23 March 2017: read more about DSA-3816 samba - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms.
23 March 2017: read more about DSA-3815 wordpress - security update
Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed.
22 March 2017: read more about DSA-3814 audiofile - security update
Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation.
19 March 2017: read more about DSA-3813 r-base - security update
It was discovered that ioquake3, a modified version of the ioQuake3 game engine, performs insufficient restrictions on automatically downloaded content (pk3 files or game code), which allows malicious game servers to modify configuration settings, including driver settings.
18 March 2017: read more about DSA-3812 ioquake3 - security update
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX, DHCPv6, NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to various crashes, denial-of-service or execution of arbitrary code.
18 March 2017: read more about DSA-3811 wireshark - security update
Several vulnerabilities have been discovered in the chromium web browser.
15 March 2017: read more about DSA-3810 chromium-browser - security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.30. Please see the MariaDB 10.0 Release Notes for further details:
14 March 2017: read more about DSA-3809 mariadb-10.0 - security update
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed.
13 March 2017: read more about DSA-3808 imagemagick - security update
Multiple vulnerabilities were discovered in the icotool and wrestool tools of Icoutils, a set of programs that deal with MS Windows icons and cursors, which may result in denial of service or the execution of arbitrary code if a malformed .ico or .exe file is processed.
12 March 2017: read more about DSA-3807 icoutils - security update
A vulnerability was discovered in Pidgin, a multi-protocol instant messaging client. A server controlled by an attacker can send invalid XML that triggers an out-of-bounds memory access. This might lead to a crash or, in some extreme cases, to remote code execution on the client side.
10 March 2017: read more about DSA-3806 pidgin - security update
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, ASLR bypass, information disclosure or denial of service.
8 March 2017: read more about DSA-3805 firefox-esr - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
8 March 2017: read more about DSA-3804 linux - security update
It was discovered that texlive-base, the TeX Live package which provides the essential TeX programs and files, whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows other programs to be specified for execution, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document.
8 March 2017: read more about DSA-3803 texlive-base - security update
An SQL injection vulnerability has been discovered in the "Latest data" page of the web frontend of the Zabbix network monitoring system.
5 March 2017: read more about DSA-3802 zabbix - security update
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
4 March 2017: read more about DSA-3801 ruby-zip - security update
Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application.
2 March 2017: read more about DSA-3800 libquicktime - security update
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.
1 March 2017: read more about DSA-3799 imagemagick - security update
Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type application/ms-tnef. Multiple heap overflows, type confusions and out-of-bounds reads and writes could be exploited by tricking a user into opening a malicious attachment. This would result in denial of service via application crash, or potential arbitrary code execution.
1 March 2017: read more about DSA-3798 tnef - security update
Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.
28 February 2017: read more about DSA-3797 mupdf - security update
Several vulnerabilities were discovered in the Apache2 HTTP server.
26 February 2017: read more about DSA-3796 apache2 - security update
It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice.
26 February 2017: read more about DSA-3795 bind9 - security update
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing options to be injected into munin-cgi-graph and any file accessible by the user running the CGI process to be overwritten.
25 February 2017: read more about DSA-3794 munin - security update