Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf
Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service.
18 August 2014: read more about DSA-3006 xen - security update
Tomáš Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.
14 August 2014: read more about DSA-3005 gpgme1.0 - security update
Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation.
11 August 2014: read more about DSA-3004 kde4libs - security update
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15
10 August 2014: read more about DSA-3003 libav - security update
Multiple vulnerabilities were discovered in the dissectors for Catapult DCT2000, IrDA, GSM Management, RLC ASN.1 BER, which could result in denial of service.
10 August 2014: read more about DSA-3002 wireshark - security update
Multiple security issues have been discovered in WordPress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/08/wordpress-3-9-2/.
9 August 2014: read more about DSA-3001 wordpress - security update
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:
9 August 2014: read more about DSA-3000 krb5 - security update
A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections, leading to the site becoming unavailable or unresponsive. More information can be found at https://www.drupal.org/SA-CORE-2014-004.
9 August 2014: read more about DSA-2999 drupal7 - security update
Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak or protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).
7 August 2014: read more about DSA-2998 openssl - security update
Jakub Wilk discovered a remote command execution flaw in reportbug, a tool to report bugs in the Debian distribution. A man-in-the-middle attacker could put shell metacharacters in the version number allowing arbitrary code execution with the privileges of the user running reportbug.
5 August 2014: read more about DSA-2997 reportbug - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
3 August 2014: read more about DSA-2996 icedove - security update
Don A. Bailey from Lab Mouse Security discovered an integer overflow flaw in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.
3 August 2014: read more about DSA-2995 lzo2 - security update
Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library:
31 July 2014: read more about DSA-2994 nss - security update
Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks.
31 July 2014: read more about DSA-2993 tor - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation:
29 July 2014: read more about DSA-2992 linux - security update
Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing requests to be sent containing content that should have been removed by mod_security.
27 July 2014: read more about DSA-2991 modsecurity-apache - security update
It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
27 July 2014: read more about DSA-2990 cups - security update
Several security issues were found in the Apache HTTP server.
24 July 2014: read more about DSA-2989 apache2 - security update
Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.
24 July 2014: read more about DSA-2988 transmission - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
23 July 2014: read more about DSA-2987 openjdk-7 - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
23 July 2014: read more about DSA-2986 iceweasel - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
22 July 2014: read more about DSA-2985 mysql-5.5 - security update
CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.
22 July 2014: read more about DSA-2984 acpi-support - security update
Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003.
20 July 2014: read more about DSA-2983 drupal7 - security update