Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf
It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.
23 May 2016. Read more about DSA-3586 atheme-services - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.
22 May 2016. Read more about DSA-3585 wireshark - security update
Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based renderer library for SVG files, parses SVG files with circular definitions. A remote attacker can take advantage of these flaws to cause an application using the librsvg library to crash.
19 May 2016. Read more about DSA-3584 librsvg - security update
It was discovered that the swift3 (S3 compatibility) middleware plugin for Swift performed insufficient validation of date headers which might result in replay attacks.
18 May 2016. Read more about DSA-3583 swift-plugin-s3 - security update
Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.
18 May 2016. Read more about DSA-3582 expat - security update
Julien Bernard discovered that libndp, a library for the IPv6 Neighbor Discovery Protocol, does not properly perform input and origin checks during the reception of an NDP message. An attacker in a non-local network could use this flaw to advertise a node as a router, and cause a denial of service attack, or act as a man-in-the-middle.
17 May 2016. Read more about DSA-3581 libndp - security update
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control on the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.
16 May 2016. Read more about DSA-3580 imagemagick - security update
Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.
16 May 2016. Read more about DSA-3579 xerces-c - security update
It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.
14 May 2016. Read more about DSA-3578 libidn - security update
Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data.
14 May 2016. Read more about DSA-3577 jansson - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.
13 May 2016. Read more about DSA-3576 icedove - security update
It was discovered that XStream, a Java library to serialize objects to XML and back again, was susceptible to XML External Entity attacks.
12 May 2016. Read more about DSA-3575 libxstream-java - security update
Rock Stevens, Andrew Ruef and Marcin 'Icewall' Noga discovered a heap-based buffer overflow vulnerability in the zip_read_mac_metadata function in libarchive, a multi-format archive and compression library, which may lead to the execution of arbitrary code if a user or automated system is tricked into processing a specially crafted ZIP file.
10 May 2016. Read more about DSA-3574 libarchive - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator.
9 May 2016. Read more about DSA-3573 qemu - security update
Nitin Venkatesh discovered that websvn, a web viewer for Subversion repositories, is susceptible to cross-site scripting attacks via specially crafted file and directory names in repositories.
9 May 2016. Read more about DSA-3572 websvn - security update
Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki's use of imagemagick in the img plugin.
8 May 2016. Read more about DSA-3571 ikiwiki - security update
Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.
5 May 2016. Read more about DSA-3570 mercurial - security update
Two vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS. The Common Vulnerabilities and Exposures project identifies the following problems:
5 May 2016. Read more about DSA-3569 openafs - security update
Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.
5 May 2016. Read more about DSA-3568 libtasn1-6 - security update
It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.
4 May 2016. Read more about DSA-3567 libpam-sshauth - security update
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.
3 May 2016. Read more about DSA-3566 openssl - security update
Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs.
2 May 2016. Read more about DSA-3565 botan1.10 - security update
Several vulnerabilities have been discovered in the chromium web browser.
2 May 2016. Read more about DSA-3564 chromium-browser - security update
It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened.
1 May 2016. Read more about DSA-3563 poppler - security update
Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems:
1 May 2016. Read more about DSA-3562 tardiff - security update
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
29 April 2016. Read more about DSA-3561 subversion - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
27 April 2016. Read more about DSA-3560 php5 - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.
27 April 2016. Read more about DSA-3559 iceweasel - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure.
26 April 2016. Read more about DSA-3558 openjdk-7 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.49. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
26 April 2016. Read more about DSA-3557 mysql-5.5 - security update