RSS feed: Debian Security
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
It was discovered that FreeType did not properly handle some malformed inputs. This could allow remote attackers to cause a denial of service (crash) via crafted font files.
6 October 2015. Read more about DSA-3370 freetype - security update
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework:
6 October 2015. Read more about DSA-3369 zendframework - security update
It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service.
25 September 2015. Read more about DSA-3368 cyrus-sasl2 - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal functions which could result in denial of service.
24 September 2015. Read more about DSA-3367 wireshark - security update
A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).
23 September 2015. Read more about DSA-3366 rpcbind - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
23 September 2015. Read more about DSA-3365 iceweasel - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
21 September 2015. Read more about DSA-3364 linux - security update
Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client, the client side of the ownCloud file sharing services. The vulnerability allows man-in-the-middle attacks in situations where the server is using self-signed certificates and the connection is already established. If the user on the client side manually distrusts the new certificate, the file syncing will continue using the malicious server as valid.
20 September 2015. Read more about DSA-3363 owncloud-client - security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
18 September 2015. Read more about DSA-3362 qemu-kvm - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator.
18 September 2015. Read more about DSA-3361 qemu - security update
It was discovered that the International Components for Unicode (ICU) library mishandles converter names starting with x-, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.
15 September 2015. Read more about DSA-3360 icu - security update
This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. Oracle no longer provides information on specific security vulnerabilities in VirtualBox. To still support users of the already released Debian releases we've decided to update these to the respective 4.1.40 and 4.3.30 bugfix releases.
13 September 2015. Read more about DSA-3359 virtualbox - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
13 September 2015. Read more about DSA-3358 php5 - security update
It was discovered that vzctl, a set of control tools for the OpenVZ server virtualisation solution, determined the storage layout of containers based on the presence of an XML file inside the container. An attacker with local root privileges in a simfs-based container could gain control over ploop-based containers. Further information on the prerequisites of such an attack can be found at src.openvz.org.
13 September 2015. Read more about DSA-3357 vzctl - security update
Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.
12 September 2015. Read more about DSA-3356 openldap - security update
Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.
10 September 2015. Read more about DSA-3355 libvdpau - security update
Frediano Ziglio of Red Hat discovered a race condition flaw in spice's worker_update_monitors_config() function, leading to a heap-based memory corruption. A malicious user in a guest can take advantage of this flaw to cause a denial of service (QEMU process crash) or potentially execute arbitrary code on the host with the privileges of the hosting QEMU process.
8 September 2015. Read more about DSA-3354 spice - security update