Latest Debian Security Advisories

Debian Security Advisories

DSA-3864 fop - security update

2017, May 27 - 00:00

It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure.

DSA-3863 imagemagick - security update

2017, May 25 - 00:00

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.

DSA-3862 puppet - security update

2017, May 25 - 00:00

It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code.

DSA-3861 libtasn1-6 - security update

2017, May 24 - 00:00

Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a denial of service through a crash, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.

DSA-3860 samba - security update

2017, May 24 - 00:00

steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share can take advantage of this flaw by uploading a shared library and then causing the server to load and execute it.

DSA-3859 dropbear - security update

2017, May 19 - 00:00

Two vulnerabilities were found in Dropbear, a lightweight SSH2 server and client:

DSA-3858 openjdk-7 - security update

2017, May 19 - 00:00

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography.

DSA-3857 mysql-connector-java - security update

2017, May 18 - 00:00

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.

DSA-3856 deluge - security update

2017, May 18 - 00:00

Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).

DSA-3855 jbig2dec - security update

2017, May 18 - 00:00

Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.

DSA-3853 bitlbee - security update

2017, May 15 - 00:00

It was discovered that bitlbee, an IRC to other chat networks gateway, contained issues that allowed a remote attacker to cause a denial of service (via application crash), or potentially execute arbitrary commands.

DSA-3854 bind9 - security update

2017, May 14 - 00:00

Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-3852 squirrelmail - security update

2017, May 13 - 00:00

Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server.

DSA-3851 postgresql-9.4 - security update

2017, May 12 - 00:00

Several vulnerabilities have been found in the PostgreSQL database system:

DSA-3850 rtmpdump - security update

2017, May 12 - 00:00

Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped.

DSA-3849 kde4libs - security update

2017, May 12 - 00:00

Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-3848 git - security update

2017, May 10 - 00:00

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

DSA-3847 xen - security update

2017, May 9 - 00:00

Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks.

DSA-3846 libytnef - security update

2017, May 9 - 00:00

Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file.

DSA-3845 libtirpc - security update

2017, May 8 - 00:00

Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings).