RSS feed: Debian Security
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
20 October 2014: read more about DSA-3054 mysql-5.5 - security update
Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
16 October 2014: read more about DSA-3053 openssl - security update
Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
15 October 2014: read more about DSA-3052 wpa - security update
Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.
15 October 2014: read more about DSA-3051 drupal7 - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.
15 October 2014: read more about DSA-3050 iceweasel - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.
14 October 2014: read more about DSA-3049 wireshark - security update
Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.
8 October 2014: read more about DSA-3048 apt - security update
Mancha discovered a vulnerability in rsyslog, a system for log processing. The vulnerability is an integer overflow that can be triggered by malformed messages sent to a server that accepts data from untrusted sources, causing message loss, denial of service and, potentially, remote code execution.
8 October 2014: read more about DSA-3047 rsyslog - security update
5 October 2014: read more about DSA-3046 mediawiki - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator:
4 October 2014: read more about DSA-3045 qemu - security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware:
4 October 2014: read more about DSA-3044 qemu-kvm - security update
4 October 2014: read more about DSA-3042 exuberant-ctags - security update
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.
1 October 2014: read more about DSA-3041 xen - security update
Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability, an attacker can send malformed messages to a server that accepts data from untrusted sources and trigger a denial of service attack.
30 September 2014: read more about DSA-3040 rsyslog - security update
Several vulnerabilities were discovered in the chromium web browser.
28 September 2014: read more about DSA-3039 chromium-browser - security update
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library. The Common Vulnerabilities and Exposures project identifies the following problems:
27 September 2014: read more about DSA-3038 libvirt - security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
26 September 2014: read more about DSA-3037 icedove - security update
It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting.
26 September 2014: read more about DSA-3036 mediawiki - security update
Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update, a prefix and suffix are added to the names of environment variables that contain shell functions, as a hardening measure.
25 September 2014: read more about DSA-3035 bash - security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
25 September 2014: read more about DSA-3034 iceweasel - security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
25 September 2014: read more about DSA-3033 nss - security update
Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.
24 September 2014: read more about DSA-3032 bash - security update
The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle an HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the http apt method binary, or potentially to arbitrary code execution.
23 September 2014: read more about DSA-3031 apt - security update