Several vulnerabilities have been discovered in the chromium web browser.
Category Archives: Debian
Debian Security Advisories
DSA-3550 openssh – security update
Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is
enabled and the sshd PAM configuration is configured to read user-specified
environment variables and the UseLogin option is enabled, a local user may
escalate her privileges to root.
DSA-3548 samba – security update
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:
DSA-3547 imagemagick – security update
Several vulnerabilities were discovered in ImageMagick, a program suite for
image manipulation. This update fixes a large number of potential security
problems such as null-pointer access and buffer-overflows that might lead
to memory leaks or denial of service. None of these security problems have
a CVE number assigned.
DSA-3546 optipng – security update
Hans Jerry Illikainen discovered that missing input sanitising in the
BMP processing code of the optipng PNG optimiser may result in denial of
service or the execution of arbitrary code if a malformed file is
processed.
DSA-3545 cgit – security update
Several vulnerabilities were discovered in cgit, a fast web frontend for
git repositories written in C. A remote attacker can take advantage of
these flaws to perform cross-site scripting, header injection or denial
of service attacks.
DSA-3544 python-django – security update
Several vulnerabilities were discovered in Django, a high-level Python
web development framework. The Common Vulnerabilities and Exposures
project identifies the following problems:
DSA-3542 mercurial – security update
Several vulnerabilities have been discovered in Mercurial, a distributed
version control system. The Common Vulnerabilities and Exposures project
identifies the following issues:
DSA-3541 roundcube – security update
High-Tech Bridge Security Research Lab discovered that Roundcube, a
webmail client, contained a path traversal vulnerability. This flaw
could be exploited by an attacker to access sensitive files on the
server, or even execute arbitrary code.
DSA-3543 oar – security update
Emmanuel Thome discovered that missing sanitising in the oarsh command
of OAR, software used to manage jobs and resources of HPC clusters,
could result in privilege escalation.