Advisories: Debian

Here are the latest security advisories for the Debian Linux distribution:

  • DSA-3861 libtasn1-6 - security update
    Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a denial of service (application crash), or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.
  • DSA-3860 samba - security update
    steelo discovered a remote code execution vulnerability in Samba, an SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share can take advantage of this flaw by uploading a shared library and then causing the server to load and execute it.
  • DSA-3859 dropbear - security update
    Two vulnerabilities were found in Dropbear, a lightweight SSH2 server and client:
  • DSA-3858 openjdk-7 - security update
    Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography.
  • DSA-3857 mysql-connector-java - security update
    Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.
  • DSA-3856 deluge - security update
    Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).
  • DSA-3855 jbig2dec - security update
    Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.
  • DSA-3853 bitlbee - security update
    It was discovered that bitlbee, an IRC gateway to other chat networks, contained issues that allowed a remote attacker to cause a denial of service (via application crash), or potentially execute arbitrary commands.
  • DSA-3854 bind9 - security update
    Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems:
  • DSA-3852 squirrelmail - security update
    Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server.
  • DSA-3851 postgresql-9.4 - security update
    Several vulnerabilities have been found in the PostgreSQL database system:
  • DSA-3850 rtmpdump - security update
    Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped.
  • DSA-3849 kde4libs - security update
    Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:
  • DSA-3848 git - security update
    Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".
  • DSA-3847 xen - security update
    Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks.
  • DSA-3846 libytnef - security update
    Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file.
  • DSA-3845 libtirpc - security update
    Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings).
  • DSA-3844 tiff - security update
    Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service, memory disclosure or the execution of arbitrary code.
  • DSA-3843 tomcat8 - security update
    Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine.
  • DSA-3842 tomcat7 - security update
    Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine.