
Debian Security RSS feed
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
DSA-4176 mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
20 April 2018
DSA-4175 freeplane - security update
Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.
18 April 2018
DSA-4174 corosync - security update
The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.
17 April 2018
DSA-4173 r-cran-readxl - security update
Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files (via the integrated libxls library), which could result in the execution of arbitrary code if a malformed spreadsheet is processed.
16 April 2018
DSA-4172 perl - security update
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:
14 April 2018
DSA-4171 ruby-loofah - security update
The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when given specially crafted HTML fragments as input. This might allow mounting a code injection attack against a browser consuming the sanitized output.
13 April 2018
DSA-4169 pcs - security update
Cédric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing the --debug parameter, to prevent an information leak, but the check wasn't sufficient.
11 April 2018
DSA-4170 pjproject - security update
Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication library, which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys.
9 April 2018
DSA-4168 squirrelmail - security update
Florian Grunow and Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.
8 April 2018
DSA-4167 sharutils - security update
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities to handle shell archives. An attacker with control over the input of the unshar command could crash the application or execute arbitrary code in its context.
5 April 2018
DSA-4166 openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.
4 April 2018
DSA-4165 ldap-account-manager - security update
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.
3 April 2018
DSA-4164 apache2 - security update
Several vulnerabilities have been found in the Apache HTTPD server.
3 April 2018
DSA-4163 beep - security update
It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.
2 April 2018
DSA-4162 irssi - security update
Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client, which can result in denial of service.
1 April 2018
DSA-4161 python-django - security update
James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control over the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods could craft a string that might stall the execution of the application.
1 April 2018
DSA-4160 libevt - security update
It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service if a malformed EVT file is processed.
1 April 2018
DSA-4159 remctl - security update
Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.
1 April 2018
DSA-4158 openssl1.0 - security update
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.
29 March 2018
DSA-4157 openssl - security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:
29 March 2018
DSA-4156 drupal7 - security update
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002
29 March 2018
DSA-4155 thunderbird - security update
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.
28 March 2018
DSA-4154 net-snmp - security update
A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process (causing a denial of service) or, potentially, execute arbitrary code with the privileges of the user running snmpd.
28 March 2018
DSA-4153 firefox-esr - security update
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.
27 March 2018
DSA-4152 mupdf - security update
Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened on the victim's host, might consume vast amounts of memory, crash the program, or, in some cases, execute code in the context in which the application is running.
27 March 2018
DSA-4151 librelp - security update
Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for remote code execution by sending a specially crafted x509 certificate.
26 March 2018
DSA-4150 icu - security update
It was discovered that an integer overflow in the International Components for Unicode (ICU) library could result in denial of service and potentially the execution of arbitrary code.
23 March 2018
DSA-4149 plexus-utils2 - security update
Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
22 March 2018
DSA-4148 kamailio - security update
Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.
22 March 2018
DSA-4147 polarssl - security update
Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.
21 March 2018