Latest Debian Security Advisories

Debian Security Advisories
Updated: 2 hours 15 minutes ago

DSA-4040 imagemagick - security update

November 17, 2017 - 00:00

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

DSA-4039 opensaml2 - security update

November 16, 2017 - 00:00

Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

DSA-4038 shibboleth-sp2 - security update

November 16, 2017 - 00:00

Rod Widdowson of Steading System Software LLP discovered a coding error in the Dynamic metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

DSA-4037 jackson-databind - security update

November 16, 2017 - 00:00

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

DSA-4036 mediawiki - security update

November 15, 2017 - 00:00

Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work:

DSA-4035 firefox-esr - security update

November 15, 2017 - 00:00

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

DSA-4034 varnish - security update

November 15, 2017 - 00:00

'shamger' and Carlo Cannas discovered that a programming error in Varnish, a state of the art, high-performance web accelerator, may result in disclosure of memory contents or denial of service.

DSA-4033 konversation - security update

November 13, 2017 - 00:00

Joseph Bisch discovered that Konversation, a user-friendly Internet Relay Chat (IRC) client for KDE, could crash when parsing certain IRC color formatting codes.

DSA-4032 imagemagick - security update

November 12, 2017 - 00:00

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed.

DSA-4031 ruby2.3 - security update

November 11, 2017 - 00:00

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-4030 roundcube - security update

November 9, 2017 - 00:00

A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. An authenticated attacker can take advantage of this flaw to read roundcube's configuration files.

DSA-4029 postgresql-common - security update

November 9, 2017 - 00:00

It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

DSA-4028 postgresql-9.6 - security update

November 9, 2017 - 00:00

Several vulnerabilities have been found in the PostgreSQL database system:

DSA-4027 postgresql-9.4 - security update

November 9, 2017 - 00:00

A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset() and jsonb_populate_recordset() functions.

DSA-4026 bchunk - security update

November 9, 2017 - 00:00

Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

DSA-4025 libpam4j - security update

November 8, 2017 - 00:00

It was discovered that libpam4j, a Java library wrapper for the integration of PAM, did not call pam_acct_mgmt() during authentication. As such, a user who has a valid password but a deactivated or disabled account could still log in.

DSA-4024 chromium-browser - security update

November 8, 2017 - 00:00

Several vulnerabilities have been discovered in the chromium browser.

DSA-4022 libreoffice - security update

November 7, 2017 - 00:00

Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.

DSA-4023 slurm-llnl - security update

November 7, 2017 - 00:00

Ryan Day discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems using a Prolog or Epilog script are vulnerable, regardless of whether SPANK plugins are in use.

DSA-4021 otrs2 - security update

November 7, 2017 - 00:00

It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics.