RSS feed: Debian security
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf
Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.
28 July 2015. Read more about DSA-3319 bind9 - security update
Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.
26 July 2015. Read more about DSA-3318 expat - security update
Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems:
25 July 2015. Read more about DSA-3317 lxc - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
25 July 2015. Read more about DSA-3316 openjdk-7 - security update
Several vulnerabilities were discovered in the chromium web browser.
23 July 2015. Read more about DSA-3315 chromium-browser - security update
Upstream security support for Typo3 4.5.x ended three months ago and the same now applies to the Debian packages as well.
23 July 2015. Read more about DSA-3314 typo3-src - end of life
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
23 July 2015. Read more about DSA-3313 linux - security update
Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems.
22 July 2015. Read more about DSA-3312 cacti - security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details:
20 July 2015. Read more about DSA-3311 mariadb-10.0 - security update
It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets, may result in denial of service if a malformed Excel file is opened.
19 July 2015. Read more about DSA-3310 freexl - security update
Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code.
18 July 2015. Read more about DSA-3309 tidy - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
18 July 2015. Read more about DSA-3308 mysql-5.5 - security update
Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash).
9 July 2015. Read more about DSA-3307 pdns-recursor - security update
Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash).
9 July 2015. Read more about DSA-3306 pdns - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework:
8 July 2015. Read more about DSA-3305 python-django - security update
Breno Silveira Soares of Servico Federal de Processamento de Dados (SERPRO) discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminate with an assertion failure, resulting in a denial of service to clients relying on the resolver.
7 July 2015. Read more about DSA-3304 bind9 - security update
It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.
7 July 2015. Read more about DSA-3303 cups-filters - security update
Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened.
6 July 2015. Read more about DSA-3302 libwmf - security update
Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or session.
5 July 2015. Read more about DSA-3301 haproxy - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the
4 July 2015. Read more about DSA-3300 iceweasel - security update
Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as a universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with verify = 2 or higher, then only the initial connection is redirected to the hosts specified with redirect. This allows a remote attacker to bypass authentication.
2 July 2015. Read more about DSA-3299 stunnel4 - security update
It was discovered that the Jackrabbit WebDAV bundle was susceptible to an XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as file. Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.
1 July 2015. Read more about DSA-3298 jackrabbit - security update
It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration.
29 June 2015. Read more about DSA-3297 unattended-upgrades - security update
Evgeny Sidorov discovered that libcrypto++, a general-purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.
29 June 2015. Read more about DSA-3296 libcrypto++ - security update