Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf
An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service) or, potentially, execute arbitrary code.
27 November 2014. Read more about DSA-3078 libksba - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
26 November 2014. Read more about DSA-3077 openjdk-6 - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.
25 November 2014. Read more about DSA-3076 wireshark - security update
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:
20 November 2014. Read more about DSA-3075 drupal7 - security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
18 November 2014. Read more about DSA-3074 php5 - security update
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
16 November 2014. Read more about DSA-3073 libgcrypt11 - security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
11 November 2014. Read more about DSA-3072 file - security update
In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.
11 November 2014. Read more about DSA-3071 nss - security update
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.
7 November 2014. Read more about DSA-3070 kfreebsd-9 - security update
Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation.
7 November 2014. Read more about DSA-3069 curl - security update
It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.
7 November 2014. Read more about DSA-3068 konversation - security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
6 November 2014. Read more about DSA-3067 qemu-kvm - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator.
6 November 2014. Read more about DSA-3066 qemu - security update
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.
6 November 2014. Read more about DSA-3065 libxml-security-java - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:
4 November 2014. Read more about DSA-3064 php5 - security update
An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crashes the component, causing a denial of service or disclosure of information from process memory.
2 November 2014. Read more about DSA-3063 quassel - security update
HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows the creation of arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override the content of the user's files or permit remote code execution with the user's privileges.
1 November 2014. Read more about DSA-3062 wget - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.
31 October 2014. Read more about DSA-3061 icedove - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service:
31 October 2014. Read more about DSA-3060 linux - security update
Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.
29 October 2014. Read more about DSA-3059 dokuwiki - security update