RSS Feed: Debian Security
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program that is part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.
5 March 2015: read more about DSA-3180 libarchive - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure.
3 March 2015: read more about DSA-3179 icedove - security update
Jakub Wilk discovered that unace, a utility to extract, test and view .ace archives, contained an integer overflow leading to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ace archive, an attacker could cause a denial of service (application crash) or, possibly, execute arbitrary code.
2 March 2015: read more about DSA-3178 unace - security update
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:
26 February 2015: read more about DSA-3176 request-tracker4 - security update
Mateusz Kocielski and Marek Kroemeke discovered that an integer overflow in IGMP processing may result in denial of service through malformed IGMP packets.
25 February 2015: read more about DSA-3175 kfreebsd-9 - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure.
25 February 2015: read more about DSA-3174 iceweasel - security update
It was discovered that libgtk2-perl, a Perl interface to the 2.x series of the Gimp Toolkit library, incorrectly frees memory which GTK+ still holds onto and might access later, leading to denial of service (application crash) or, potentially, to arbitrary code execution.
25 February 2015: read more about DSA-3173 libgtk2-perl - security update
Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow.
25 February 2015: read more about DSA-3172 cups - security update
Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, an SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.
23 February 2015: read more about DSA-3171 samba - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.
23 February 2015: read more about DSA-3170 linux - security update
Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:
23 February 2015: read more about DSA-3169 eglibc - security update
22 February 2015: read more about DSA-3168 ruby-redcloth - security update
Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The latter could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.
22 February 2015: read more about DSA-3167 sudo - security update
Jose Duart of the Google Security Team discovered a buffer overflow in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.
22 February 2015: read more about DSA-3166 e2fsprogs - security update
Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.
21 February 2015: read more about DSA-3165 xdg-utils - security update
Pierrick Caillon discovered that the authentication could be bypassed in the Typo 3 content management system. Please refer to the upstream advisory for additional information:
21 February 2015: read more about DSA-3164 typo3-src - security update
It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTF files.
19 February 2015: read more about DSA-3163 libreoffice - security update
Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".
18 February 2015: read more about DSA-3162 bind9 - security update
Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester.
11 February 2015: read more about DSA-3161 dbus - security update
Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.
11 February 2015: read more about DSA-3160 xorg-server - security update
It was discovered that the REXML parser, part of the interpreter for the Ruby language, could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).
10 February 2015: read more about DSA-3159 ruby1.8 - security update
Michal Zalewski and Hanno Boeck discovered several vulnerabilities in unrtf, an RTF to other formats converter, leading to a denial of service (application crash) or, potentially, the execution of arbitrary code.
9 February 2015: read more about DSA-3158 unrtf - security update
Multiple vulnerabilities were discovered in the interpreter for the Ruby language:
9 February 2015: read more about DSA-3157 ruby1.9.1 - security update
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.
6 February 2015: read more about DSA-3155 postgresql-9.1 - security update
Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. The Common Vulnerabilities and Exposures project identifies the following problems:
5 February 2015: read more about DSA-3154 ntp - security update
Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:
3 February 2015: read more about DSA-3153 krb5 - security update
A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact.
3 February 2015: read more about DSA-3152 unzip - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:
3 February 2015: read more about DSA-3151 python-django - security update