Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf
The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentially execute arbitrary code.
24 April 2015 - read more about DSA-3233 wpa - security update
Several vulnerabilities were discovered in cURL, a URL transfer library:
22 April 2015 - read more about DSA-3232 curl - security update
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
21 April 2015 - read more about DSA-3231 subversion - security update
James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ..raw directive, allowing remote attackers to include arbitrary files.
20 April 2015 - read more about DSA-3230 django-markupfield - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
19 April 2015 - read more about DSA-3229 mysql-5.5 - security update
Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.
16 April 2015 - read more about DSA-3228 ppp - security update
John Lightsey discovered a format string injection vulnerability in the localisation of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user.
15 April 2015 - read more about DSA-3227 movabletype-opensource - security update
Adam discovered several problems in inspircd, an IRC daemon:
15 April 2015 - read more about DSA-3226 inspircd - security update
Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead to the execution of arbitrary code.
15 April 2015 - read more about DSA-3225 gst-plugins-bad0.10 - security update
Abhishek Arya discovered a buffer overflow in the MakeBigReq macro provided by libx11, which could result in denial of service or the execution of arbitrary code.
12 April 2015 - read more about DSA-3224 libx11 - security update
Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol:
12 April 2015 - read more about DSA-3223 ntp - security update
Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server:
12 April 2015 - read more about DSA-3222 chrony - security update
Adam Sampson discovered a buffer overflow in the handling of the XAUTHORITY environment variable in das-watchdog, a watchdog daemon to ensure a realtime process won't hang the machine. A local user can exploit this flaw to escalate his privileges and execute arbitrary code as root.
12 April 2015 - read more about DSA-3221 das-watchdog - security update
Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code.
11 April 2015 - read more about DSA-3220 libtasn1-3 - security update
Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird, a Perl DBI driver for the Firebird RDBMS, in certain error conditions, due to the use of the sprintf() function to write to a fixed-size memory buffer.
11 April 2015 - read more about DSA-3219 libdbd-firebird-perl - security update
Ignacio R. Morelle discovered that missing path restrictions in the Battle of Wesnoth game could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded.
10 April 2015 - read more about DSA-3218 wesnoth-1.10 - security update
Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.
9 April 2015 - read more about DSA-3217 dpkg - security update
Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system:
6 April 2015 - read more about DSA-3216 tor - security update
Multiple vulnerabilities were discovered in libgd2, a graphics library:
6 April 2015 - read more about DSA-3215 libgd2 - security update
A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.
6 April 2015 - read more about DSA-3214 mailman - security update
Multiple vulnerabilities have been discovered in arj, an open source version of the arj archiver. The Common Vulnerabilities and Exposures project identifies the following problems:
6 April 2015 - read more about DSA-3213 arj - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.
2 April 2015 - read more about DSA-3212 icedove - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery.
1 April 2015 - read more about DSA-3211 iceweasel - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.
31 March 2015 - read more about DSA-3210 wireshark - security update
Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.
30 March 2015 - read more about DSA-3209 openldap - security update
Jodie Cunningham discovered multiple vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.
29 March 2015 - read more about DSA-3208 freexl - security update
A denial of service vulnerability was found in the Shibboleth (a federated identity framework) Service Provider. When processing certain malformed SAML messages generated by an authenticated attacker, the daemon could crash.
28 March 2015 - read more about DSA-3207 shibboleth-sp2 - security update
Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
28 March 2015 - read more about DSA-3206 dulwich - security update
Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
27 March 2015 - read more about DSA-3205 batik - security update