Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf
Two vulnerabilities were discovered in MuPDF, a lightweight PDF viewer. The Common Vulnerabilities and Exposures project identifies the following problems:
26 August 2016: read more about DSA-3655 mupdf - security update
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon.
26 August 2016: read more about DSA-3654 quagga - security update
Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer() function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources.
25 August 2016: read more about DSA-3653 flex - security update
This update fixes many vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.
25 August 2016: read more about DSA-3652 imagemagick - security update
Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.
25 August 2016: read more about DSA-3651 rails - security update
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
17 August 2016: read more about DSA-3650 libgcrypt20 - security update
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
17 August 2016: read more about DSA-3649 gnupg - security update
Multiple vulnerabilities were discovered in the dissectors for NDS, PacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlow, which could result in denial of service or the execution of arbitrary code.
12 August 2016: read more about DSA-3648 wireshark - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.
11 August 2016: read more about DSA-3647 icedove - security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
11 August 2016: read more about DSA-3646 postgresql-9.4 - security update
Several vulnerabilities have been discovered in the chromium web browser.
9 August 2016: read more about DSA-3645 chromium-browser - security update
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.
8 August 2016: read more about DSA-3644 fontconfig - security update
Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive.
6 August 2016: read more about DSA-3643 kde4libs - security update
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or initiate connections to arbitrary hosts.
5 August 2016: read more about DSA-3642 lighttpd - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service.
4 August 2016: read more about DSA-3641 openjdk-7 - security update
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy.
3 August 2016: read more about DSA-3640 firefox-esr - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service.
3 August 2016: read more about DSA-3639 wordpress - security update
Several vulnerabilities were discovered in cURL, a URL transfer library:
3 August 2016: read more about DSA-3638 curl - security update
Several vulnerabilities have been discovered in the chromium web browser.
31 July 2016: read more about DSA-3637 chromium-browser - security update
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code.
30 July 2016: read more about DSA-3636 collectd - security update
It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions.
30 July 2016: read more about DSA-3634 redis - security update
Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.
29 July 2016: read more about DSA-3635 libdbd-mysql-perl - security update