最新 Debian 安全通告

  • user warning: Can't open file: 'sessions.MYI'. (errno: 145) query: SELECT COUNT(sid) AS count FROM sessions WHERE timestamp >= 1506352502 AND uid = 0 in /var/www/drupal-5.23/includes/database.mysql.inc on line 174.
  • user warning: Can't open file: 'sessions.MYI'. (errno: 145) query: SELECT DISTINCT u.uid, u.name, s.timestamp FROM users u INNER JOIN sessions s ON u.uid = s.uid WHERE s.timestamp >= 1506352502 AND s.uid > 0 ORDER BY s.timestamp DESC in /var/www/drupal-5.23/includes/database.mysql.inc on line 174.
訂閱文章
Debian Security Advisories
已更新: 47 分鐘 42 秒 前

DSA-3983 samba - security update

2017, 九月 22 - 00:00

Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix:

DSA-3982 perl - security update

2017, 九月 21 - 00:00

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-3981 linux - security update

2017, 九月 20 - 00:00

Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.

DSA-3980 apache2 - security update

2017, 九月 20 - 00:00

Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

DSA-3979 pyjwt - security update

2017, 九月 19 - 00:00

It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch.

DSA-3978 gdk-pixbuf - security update

2017, 九月 18 - 00:00

Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened.

DSA-3977 newsbeuter - security update

2017, 九月 18 - 00:00

It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure (the podcast file), allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbeuter.

DSA-3976 freexl - security update

2017, 九月 17 - 00:00

Marcin Icewall Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

DSA-3975 emacs25 - security update

2017, 九月 15 - 00:00

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).

DSA-3974 tomcat8 - security update

2017, 九月 15 - 00:00

Two issues were discovered in the Tomcat servlet and JSP engine.

DSA-3973 wordpress-shibboleth - security update

2017, 九月 14 - 00:00

A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress.

DSA-3972 bluez - security update

2017, 九月 13 - 00:00

An information disclosure vulnerability was discovered in the Service Discovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to obtain sensitive information from bluetoothd process memory, including Bluetooth encryption keys.

DSA-3971 tcpdump - security update

2017, 九月 13 - 00:00

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

DSA-3970 emacs24 - security update

2017, 九月 12 - 00:00

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).

DSA-3969 xen - security update

2017, 九月 12 - 00:00

Multiple vulnerabilities have been discovered in the Xen hypervisor:

DSA-3968 icedove - security update

2017, 九月 11 - 00:00

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

DSA-3967 mbedtls - security update

2017, 九月 8 - 00:00

An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as optional. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

DSA-3966 ruby2.3 - security update

2017, 九月 5 - 00:00

Multiple vulnerabilities were discovered in the interpreter for the Ruby language:

DSA-3965 file - security update

2017, 九月 5 - 00:00

Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.

DSA-3964 asterisk - security update

2017, 九月 4 - 00:00

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.