debian

DSA-3042 exuberant-ctags - security update

Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool
to build tag file indexes of source code definitions: Certain JavaScript
files cause ctags to enter an infinite loop until it runs out of disk
space, resulting in denial of service.

DSA-3041 xen - security update

Multiple security issues have been discovered in the Xen virtualisation
solution which may result in denial of service, information disclosure
or privilege escalation.

DSA-3040 rsyslog - security update

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in
Rsyslog, a system for log processing. As a consequence of this
vulnerability, an attacker can send malformed messages to a server that
accepts data from untrusted sources and trigger a denial of service.

DSA-3039 chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser.

DSA-3038 libvirt - security update

Several vulnerabilities were discovered in Libvirt, a virtualisation
abstraction library. The Common Vulnerabilities and Exposures project
identifies the following problems:

DSA-3036 mediawiki - security update

It was discovered that MediaWiki, a wiki engine, did not sufficiently
filter CSS in uploaded SVG files, allowing for cross-site scripting.

DSA-3037 icedove - security update

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the
Mozilla Network Security Service library, embedded in Wheezy's Icedove)
was parsing ASN.1 data used in signatures, making it vulnerable to a
signature forgery attack.

DSA-3034 iceweasel - security update

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS
(the Mozilla Network Security Service library, embedded in Wheezy's
Iceweasel package) was parsing ASN.1 data used in signatures, making it
vulnerable to a signature forgery attack.

DSA-3033 nss - security update

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS
(the Mozilla Network Security Service library) was parsing ASN.1 data
used in signatures, making it vulnerable to a signature forgery attack.

DSA-3035 bash - security update

Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271
released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was
incomplete and could still allow some characters to be injected into
another environment (CVE-2014-7169). With this update, a prefix and
suffix are added to the names of environment variables which contain
shell functions, as a hardening measure.
