RSS feed: Debian Security
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:
20 November 2014: Read more about DSA-3075 drupal7 - security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
18 November 2014: Read more about DSA-3074 php5 - security update
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
16 November 2014: Read more about DSA-3073 libgcrypt11 - security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
11 November 2014: Read more about DSA-3072 file - security update
In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.
11 November 2014: Read more about DSA-3071 nss - security update
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.
7 November 2014: Read more about DSA-3070 kfreebsd-9 - security update
Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending sensitive data that was not intended to be sent while performing an HTTP POST operation.
7 November 2014: Read more about DSA-3069 curl - security update
It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.
7 November 2014: Read more about DSA-3068 konversation - security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
6 November 2014: Read more about DSA-3067 qemu-kvm - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator.
6 November 2014: Read more about DSA-3066 qemu - security update
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.
6 November 2014: Read more about DSA-3065 libxml-security-java - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:
4 November 2014: Read more about DSA-3064 php5 - security update
An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crashes the component, causing a denial of service or disclosure of information from process memory.
2 November 2014: Read more about DSA-3063 quassel - security update
HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows a malicious FTP server to create arbitrary files on the user's system when Wget runs in recursive mode against it. Arbitrary file creation may overwrite the content of the user's files or permit remote code execution with the user's privileges.
1 November 2014: Read more about DSA-3062 wget - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.
31 October 2014: Read more about DSA-3061 icedove - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service:
31 October 2014: Read more about DSA-3060 linux - security update
Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.
29 October 2014: Read more about DSA-3059 dokuwiki - security update
Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.
27 October 2014: Read more about DSA-3058 torque - security update
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) caused by excessive entity substitutions, even when entity substitution was disabled, which is the parser's default behaviour. (CVE-2014-3660)
26 October 2014: Read more about DSA-3057 libxml2 - security update
Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference.
26 October 2014: Read more about DSA-3056 libtasn1-3 - security update
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:
23 October 2014: Read more about DSA-3055 pidgin - security update