Debian Linux Security Advisory 5639-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
4cbadb48dda00be85d46d8fcccadc0b92923c8219c7569b6d2df731ece4d0271
Debian Linux Security Advisory 2463-1 - Ivano Cristofolini discovered that insufficient security checks in Samba's handling of LSA RPC calls could lead to privilege escalation by gaining the "take ownership" privilege.
65c8de9a46a2e00007a474ced85b5cba1598c033fe88ece3b0f770eacd08ccf7
Debian Linux Security Advisory 2462-1 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.
132c0a8aab05698e43ed93ac17041bec1f40bc314bb4d4da66317818ef77adc3
Debian Linux Security Advisory 2461-1 - Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site scripting, script code injection and bypass of restrictions.
941b8db73cd0a3d9a9f385427725bfc3917123f727aded12a6b4fbeeda06ba25
Debian Linux Security Advisory 2459-1 - Several vulnerabilities have been discovered in Quagga, a routing daemon.
c4367fc9a6c58c5c50a49bebc2fb4c7a2ab096bdd87ada9269d127b16eeae4ba
Debian Linux Security Advisory 2454-2 - Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.
7e348a26b106449f52510f57388768abb0d395544cec547906f51111b437e856
Debian Linux Security Advisory 2460-1 - Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit.
90ac813962f844ca8939a8b64ac607c95c83938e1adac515d296dc2a4e24ef63
Debian Linux Security Advisory 2458-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
63ce617ad4207fc9f6f56c8d68d84d9f42707e256fcf4c53016b892111eca303
Debian Linux Security Advisory 2457-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
72062d31000e1dd318e5baed8da99783e883be58715d1af2aaba2ac43f06817d
Debian Linux Security Advisory 2456-1 - Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users who have been authenticated through public key authentication and for whom command restrictions are in place.
74e30aac727f551c38ff58b3cc7ff8cd5d28075b68721fe8d01264232d3782b2
Debian Linux Security Advisory 2455-1 - Helmut Hummel of the typo3 security team discovered that typo3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions.
47c42962916e4199be3819f88b30e724d5de0dc112811ab11be528a7445fd133
Debian Linux Security Advisory 2454-1 - Multiple vulnerabilities have been found in OpenSSL. Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.
825c0a8ae8ea8fbf2a20faf45cd58f27b84d9a4a1fa4c787cb05063d8a84342e
Debian Linux Security Advisory 2453-2 - It was discovered that the last security update for gajim, DSA-2453-1, introduced a regression in certain environments.
b1fb80c3fdbcf71fd6eb1389efd82d09a8a8af11eee74efd97d96c872aecc243
Debian Linux Security Advisory 2453-1 - Several vulnerabilities have been discovered in gajim, a feature-rich jabber client.
bd105df7fba5991e582b3c8ae56d9c2086f0b1c465a2185562b29411c942cbb9
Debian Linux Security Advisory 2452-1 - Niels Heinen noticed a security issue with the default Apache configuration on Debian if certain scripting modules like mod_php or mod_rivet are installed. The problem arises because the directory /usr/share/doc, which is mapped to the URL /doc, may contain example scripts that can be executed by requests to this URL. Although access to the URL /doc is restricted to connections from localhost, this still creates security issues in two specific configurations.
d52b84f07d62410b49a8dd5b85aec7aeebf6d89cf4e9d3b364e93c771843b179
Debian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.
35b59b4216bedd63d45392644a9587d40ba5845a85bf2717988463a587882a20
Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.
e046a9837a078cecc89818dd89c20058b986e8358ee2ed27ad3347a2b66377bc
Debian Linux Security Advisory 2449-1 - It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for python, is not sanitizing input passed to the limit/offset keywords to select() as well as the value passed to select.limit()/offset(). This allows an attacker to perform SQL injection attacks against applications using sqlalchemy that do not implement their own filtering.
3b634c4e6348ffb1a9b2e90c970e4768f1315994bf78cea4adf5af707077012b
Debian Linux Security Advisory 2448-1 - It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query.
531a6ada2ab9abfb6de202bbd399f431ac06f31ee6befe118b5ce7ceb9a5fdfa
Debian Linux Security Advisory 2447-1 - Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.
6ce335ccbe6295d66a62055d9901e728323be55bdabae78fa343cfb3420c7849
Debian Linux Security Advisory 2446-1 - It was discovered that incorrect memory handling in the png_set_text2() function of the PNG library could lead to the execution of arbitrary code.
3e50b7906f853d07a3ae32dc87113500c570284a57f8a8477e9ba1fa562828ab
Debian Linux Security Advisory 2398-2 - cURL is a command-line tool and library for transferring data with URL syntax. It was discovered that the countermeasures against the Dai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389, "BEAST") cause interoperability issues with some server implementations. This update adds the CURLOPT_SSL_OPTIONS and CURLSSLOPT_ALLOW_BEAST options to the library, and the --ssl-allow-beast option to the "curl" program.
33bcc7e0fabacf99511b85726223d256c398e0114a35ca5e88d81f02413ac358
Debian Linux Security Advisory 2442-2 - The openarena update DSA-2442-1 introduced a regression in which servers would cease to respond to status requests after an uptime of several weeks.
c2390db85f6c63b28976206746212e8088846ece4e3c07420ac23ed5f2c04a40
Debian Linux Security Advisory 2445-1 - Several remote vulnerabilities have been discovered in the TYPO3 web content management framework.
a9853f6d26abdcd01ac84fcb057e959dad29c7c0d2acfe13d89f2069f8eebcb4
Debian Linux Security Advisory 2444-1 - It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.
1bf8166f452ce37b8119e22989896e1361e2b04b9065dbab3659079991b8e62c
Debian Linux Security Advisory 2443-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
d50bf6dbe234272263b4d756659d95d7bab63dffdef93404c1f40535771db5b3