Debian Security
Debian Security Advisories
DSA-2405 apache2 - multiple issues
Several vulnerabilities have been found in the Apache HTTPD Server:
DSA-2403 php5 - code injection
Stefan Esser discovered that the implementation of the max_input_vars
configuration variable in a recent PHP security update was flawed such
that it allows remote attackers to crash PHP or potentially execute
code.
DSA-2404 xen-qemu-dm-4.0 - buffer overflow
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e
network interface card of QEMU, which is used in the xen-qemu-dm-4.0
packages. This vulnerability might enable to malicious guest systems
to crash the host system or escalate their privileges.
DSA-2384 cacti - several vulnerabilities
Several vulnerabilities have been discovered in Cacti, a graphing tool
for monitoring data. Multiple cross site scripting issues allow remote
attackers to inject arbitrary web script or HTML. An SQL injection
vulnerability allows remote attackers to execute arbitrary SQL commands.
DSA-2402 iceape - several vulnerabilities
Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:
DSA-2401 tomcat6 - several vulnerabilities
Several vulnerabilities have been found in Tomcat, a servlet and JSP
engine:
DSA-2400 iceweasel - several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.
DSA-2399 php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:
DSA-2398 curl - several vulnerabilities
Several vulnerabilities have been discovered in cURL, an URL transfer
library. The Common Vulnerabilities and Exposures project identifies the
following problems:
DSA-2397 icu - buffer underflow
It was discovered that a buffer overflow in the Unicode library ICU
could lead to the execution of arbitrary code.
DSA-2396 qemu-kvm - buffer underflow
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e
network interface card of KVM, a solution for full virtualization on
x86 hardware, which could result in denial of service or privilege
escalation.
DSA-2395 wireshark - buffer underflow
Laurent Butti discovered a buffer underflow in the LANalyzer dissector
of the Wireshark network traffic analyzer, which could lead to the
execution of arbitrary code (CVE-2012-0068).
DSA-2394 libxml2 - several vulnerabilities
Many security problems have been fixed in libxml2, a popular library to handle
XML data files.
DSA-2393 bip - buffer overflow
Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy
which may allow arbitrary code execution by remote users.
DSA-2392 openssl - out-of-bounds read
Antonio Martin discovered a denial-of-service vulnerability in
OpenSSL, an implementation of TLS and related protocols. A malicious
client can cause the DTLS server implementation to crash. Regular,
TCP-based TLS is not affected by this issue.
DSA-2301 rails - several vulnerabilities
Several vulnerabilities have been discovered in Rails, the Ruby web
application framework. The Common Vulnerabilities and Exposures project
identifies the following problems:
DSA-2391 phpmyadmin - several vulnerabilities
Several vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and
Exposures project identifies the following problems:
DSA-2390 openssl - several vulnerabilities
Several vulnerabilities were discovered in OpenSSL, an implementation
of TLS and related protocols. The Common Vulnerabilities and
Exposures project identifies the following vulnerabilities:
DSA-2389 linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
DSA-2388 t1lib - several vulnerabilities
Several vulnerabilities were discovered in t1lib, a Postscript Type 1
font rasterizer library, some of which might lead to code execution
through the opening of files embedding bad fonts.
DSA-2387 simplesamlphp - insufficient input sanitation
timtai1 discovered that simpleSAMLphp, an authentication and federation
platform, is vulnerable to a cross site scripting attack, allowing a
remote attacker to access sensitive client data.
DSA-2386 openttd - several vulnerabilities
Several vulnerabilities have been discovered in OpenTTD, a transport
business simulation game. Multiple buffer overflows and off-by-one
errors allow remote attackers to cause denial of service.
DSA-2385 pdns - packet loop
Ray Morris discovered that the PowerDNS authoritative server responds
to response packets. An attacker who can spoof the source address of
IP packets can cause an endless packet loop between a PowerDNS
authoritative server and another DNS server, leading to a denial of
service.
- Colongan Berita (rss feed)
- Debian Admin
- Detikcom
- Distro Watch
- OS News
- SlashDot Linux
- Viva News
- Para Tetangga
- Akhmad Suaidi
- Anton Yulianto
- Arinet
- Asfihani
- Budi Wijaya
- Cahyo Darujati
- Dani Wafaul Falah
- David Suhendrik
- Eszy Filiani Poespo
- Galih Satriaji
- Henning TC
- Impianti WU
- KLAS
- Kiki Ahmadi
- M. Yuqi
- Menik
- Nanin Wailisahalong
- Noor Al Azam
- Nur Aini
- Paejo
- Sari Rachmatika
- Satpam Bobo