DSA-2980-1 openjdk-6 — security update

Date Reported: 17 Jul 2014
Affected Packages: openjdk-6
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266, CVE-2014-4268.
More information: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. For the stable distribution (wheezy), these problems have…

DSA-2985-1 mysql-5.5 — security update

Date Reported: 22 Jul 2014
Affected Packages: mysql-5.5
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 754941. In Mitre’s CVE dictionary: CVE-2014-2494, CVE-2014-4207, CVE-2014-4258, CVE-2014-4260.
More information: Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle’s Critical Patch…

DSA-2992-1 linux — security update

Date Reported: 29 Jul 2014
Affected Packages: linux
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 728705. In Mitre’s CVE dictionary: CVE-2014-3534, CVE-2014-4667, CVE-2014-4943.
More information: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-3534: Martin Schwidefsky of IBM discovered that the ptrace subsystem does not properly sanitize the…

DSA-2998-1 openssl — security update

Date Reported: 07 Aug 2014
Affected Packages: openssl
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139.
More information: Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP…

DSA-3007-1 cacti — security update

Date Reported: 20 Aug 2014
Affected Packages: cacti
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-5025, CVE-2014-5026, CVE-2014-5261, CVE-2014-5262.
More information: Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. For the stable distribution (wheezy), these problems have been fixed in version 0.8.8a+dfsg-5+deb7u4. For the unstable…

DSA-3006-1 xen — security update

Date Reported: 18 Aug 2014
Affected Packages: xen
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2013-1432, CVE-2013-1442, CVE-2013-2076, CVE-2013-2077, CVE-2013-2078, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, CVE-2013-2211, CVE-2013-4329, CVE-2013-4355, CVE-2013-4361, CVE-2013-4368, CVE-2013-4494, CVE-2013-4553, CVE-2014-1950, CVE-2014-2599, CVE-2014-3124, CVE-2014-4021.
More information: Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service. For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u2. For the unstable distribution (sid),…

DSA-3008-1 php5 — security update

Date Reported: 21 Aug 2014
Affected Packages: php5
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670.
More information: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-3538: It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A…

Vulnerability in OpenSSL

The recent vulnerability present in the OpenSSL library used in the SSL, TLS/DTLS protocols. The OpenSSL library is used to provide secure communication and privacy on the internet for various services and applications, such as email systems, web browsers, instant messaging (IM), VPNs, among others. The OpenSSL vulnerability identified on 07/04/2014 allows any user on the internet to read blocks of code directly…

DSA-2825-1 wireshark — several vulnerabilities

Date Reported: 20 Dec 2013
Affected Packages: wireshark
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2013-7113, CVE-2013-7114.
More information: Laurent Butti and Garming Sam discovered multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version…

DSA-2822-1 xorg-server — integer underflow

Date Reported: 18 Dec 2013
Affected Packages: xorg-server
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2013-6424.
More information: Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code. For the oldstable distribution (squeeze), this problem has been fixed in version 1.7.7-18. For the stable…