Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf

DSA-4233 bouncycastle - security update
It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform fewer Miller-Rabin primality tests than expected.
22 June 2018

DSA-4232 xen - security update
This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU. For additional information please refer to https://xenbits.xen.org/xsa/advisory-267.html
20 June 2018

DSA-4231 libgcrypt20 - security update
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.
17 June 2018

DSA-4230 redis - security update
Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.
17 June 2018

DSA-4229 strongswan - security update
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.
14 June 2018

DSA-4228 spip - security update
Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.
14 June 2018

DSA-4227 plexus-archiver - security update
Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.
12 June 2018

DSA-4226 perl - security update
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.
12 June 2018

DSA-4225 openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.
10 June 2018

DSA-4224 gnupg - security update
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
8 June 2018

DSA-4223 gnupg1 - security update
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
8 June 2018

DSA-4222 gnupg2 - security update
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
8 June 2018

DSA-4221 libvncserver - security update
Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.
8 June 2018

DSA-4220 firefox-esr - security update
Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.
8 June 2018

DSA-4219 jruby - security update
Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.
8 June 2018

DSA-4218 memcached - security update
Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems:
6 June 2018

DSA-4217 wireshark - security update
It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.
3 June 2018

DSA-4216 prosody - security update
It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation.
2 June 2018

DSA-4215 batik - security update
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.
2 June 2018

DSA-4214 zookeeper - security update
It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum.
1 June 2018

DSA-4213 qemu - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator.
29 May 2018

DSA-4212 git - security update
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.
29 May 2018

DSA-4211 xdg-utils - security update
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER on the victim host contains a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party could manipulate the parameters used by the browser when opened. This manipulation could set, for example, a proxy through which the network traffic could be intercepted for that particular execution.
25 May 2018

DSA-4210 xen - security update
This update provides mitigations for the Spectre v4 variant in x86-based microprocessors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update). For servers with AMD CPUs no microcode update is needed; please refer to https://xenbits.xen.org/xsa/advisory-263.html for further information.
25 May 2018

DSA-4209 thunderbird - security update
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
25 May 2018