RSS feed Debian security
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.en.rdf
Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.
29th of October 2014 - read more about DSA-3059 dokuwiki - security update
Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.
27th of October 2014 - read more about DSA-3058 torque - security update
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser's default behavior. (CVE-2014-3660)
26th of October 2014 - read more about DSA-3057 libxml2 - security update
Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference.
26th of October 2014 - read more about DSA-3056 libtasn1-3 - security update
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:
23rd of October 2014 - read more about DSA-3055 pidgin - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
20th of October 2014 - read more about DSA-3054 mysql-5.5 - security update
Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
16th of October 2014 - read more about DSA-3053 openssl - security update
Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
15th of October 2014 - read more about DSA-3052 wpa - security update
Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.
15th of October 2014 - read more about DSA-3051 drupal7 - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.
15th of October 2014 - read more about DSA-3050 iceweasel - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.
14th of October 2014 - read more about DSA-3049 wireshark - security update
Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.
8th of October 2014 - read more about DSA-3048 apt - security update
Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages sent to a server that accepts data from untrusted sources, causing message loss, denial of service and, potentially, remote code execution.
8th of October 2014 - read more about DSA-3047 rsyslog - security update
5th of October 2014 - read more about DSA-3046 mediawiki - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator:
4th of October 2014 - read more about DSA-3045 qemu - security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware:
4th of October 2014 - read more about DSA-3044 qemu-kvm - security update
4th of October 2014 - read more about DSA-3042 exuberant-ctags - security update
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.
1st of October 2014 - read more about DSA-3041 xen - security update
Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability, an attacker can send malformed messages to a server that accepts data from untrusted sources and trigger a denial of service attack.
30th of September 2014 - read more about DSA-3040 rsyslog - security update