RSS Feed: Debian Security
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
29 August 2015: read more about DSA-3345 iceweasel - security update
Multiple vulnerabilities have been discovered in the PHP language:
27 August 2015: read more about DSA-3344 php5 - security update
James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.
26 August 2015: read more about DSA-3343 twig - security update
Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.
20 August 2015: read more about DSA-3342 vlc - security update
It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.
20 August 2015: read more about DSA-3341 conntrack - security update
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.
19 August 2015: read more about DSA-3340 zendframework - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
19 August 2015: read more about DSA-3339 openjdk-6 - security update
Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users' session records to be evicted.
18 August 2015: read more about DSA-3338 python-django - security update
Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.
18 August 2015: read more about DSA-3337 gdk-pixbuf - security update
Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems:
17 August 2015: read more about DSA-3336 nss - security update
13 August 2015: read more about DSA-3335 request-tracker4 - security update
Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash resulting in a denial of service.
12 August 2015: read more about DSA-3334 gnutls28 - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service.
12 August 2015: read more about DSA-3333 iceweasel - security update
Several vulnerabilities have been fixed in WordPress, the popular blogging engine.
11 August 2015: read more about DSA-3332 wordpress - security update
Several security issues have been found in the server components of the version control system subversion.
10 August 2015: read more about DSA-3331 subversion - security update
It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command.
7 August 2015: read more about DSA-3330 activemq - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
7 August 2015: read more about DSA-3329 linux - security update
Several vulnerabilities have been found in WordPress, the popular blogging engine.
4 August 2015: read more about DSA-3328 wordpress - security update
Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a gateway proxy to its backend proxy.
3 August 2015: read more about DSA-3327 squid3 - security update
William Robinet and Stefan Cornelius discovered an integer overflow in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or potentially execution of arbitrary code if a specially crafted file is opened.
2 August 2015: read more about DSA-3326 ghostscript - security update
Several vulnerabilities have been found in the Apache HTTPD server.
1 August 2015: read more about DSA-3325 apache2 - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the
1 August 2015: read more about DSA-3324 icedove - security update
Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.
1 August 2015: read more about DSA-3323 icu - security update
Tomek Rabczak from the NCC Group discovered a flaw in the normalize_params() method in Rack, a modular Ruby webserver interface. A remote attacker can use this flaw via specially crafted requests to cause a `SystemStackError` and potentially cause a denial of service condition for the service.
31 July 2015: read more about DSA-3322 ruby-rack - security update
The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data.
30 July 2015: read more about DSA-3321 xmltooling - security update
It was discovered that OpenAFS, the implementation of the distributed filesystem AFS, contained several flaws that could result in information leak, denial-of-service or kernel panic.
30 July 2015: read more about DSA-3320 openafs - security update