Advisories: Debian

Here are the latest security advisories for the Debian Linux distribution:

  • DSA-3983 samba - security update
    Multiple security issues have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix:
  • DSA-3982 perl - security update
    Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:
  • DSA-3981 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.
  • DSA-3980 apache2 - security update
    Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.
  • DSA-3979 pyjwt - security update
    It was discovered that PyJWT, a Python implementation of JSON Web Token, performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch.
  • DSA-3978 gdk-pixbuf - security update
    Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened.
  • DSA-3977 newsbeuter - security update
    It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure (the podcast file), allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbeuter.
  • DSA-3976 freexl - security update
    Marcin Icewall Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.
  • DSA-3975 emacs25 - security update
    Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).
  • DSA-3974 tomcat8 - security update
    Two issues were discovered in the Tomcat servlet and JSP engine.
  • DSA-3973 wordpress-shibboleth - security update
    A cross-site scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for WordPress.
  • DSA-3972 bluez - security update
    An information disclosure vulnerability was discovered in the Service Discovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to obtain sensitive information from bluetoothd process memory, including Bluetooth encryption keys.
  • DSA-3971 tcpdump - security update
    Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.
  • DSA-3970 emacs24 - security update
    Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).
  • DSA-3969 xen - security update
    Multiple vulnerabilities have been discovered in the Xen hypervisor:
  • DSA-3968 icedove - security update
    Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
  • DSA-3967 mbedtls - security update
    An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as optional. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.
  • DSA-3966 ruby2.3 - security update
    Multiple vulnerabilities were discovered in the interpreter for the Ruby language:
  • DSA-3965 file - security update
    Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.
  • DSA-3964 asterisk - security update
    Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.
