Category Archives: Debian

Debian Security Advisories

Debian

DSA-3069 curl – security update

Symeon Paraschoudis discovered that the curl_easy_duphandle() function
in cURL, an URL transfer library, has a bug that can lead to libcurl
eventually sending off sensitive data that was not intended for sending,
while performing a HTTP POST operation.

Debian

DSA-3064 php5 – security update

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. It has been
decided to follow the stable 5.4.x releases for the Wheezy PHP packages.
Consequently the vulnerabilities are addressed by upgrading PHP to a new
upstream version 5.4.34, which includes additional bug fixes, new
features and possibly incompatible changes. Please refer to the upstream
changelog for more information:

Debian

DSA-3063 quassel – security update

An out-of-bounds read vulnerability was discovered in Quassel-core, one
of the components of the distributed IRC client Quassel. An attacker can
send a crafted message that crash to component causing a denial of
services or disclosure of information from process memory.

Debian

DSA-3062 wget – security update

HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line
utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability
allows to create arbitrary files on the user’s system when Wget runs in
recursive mode against a malicious FTP server. Arbitrary file creation
may override content of user’s files or permit remote code execution with
the user privilege.

Debian

DSA-3061 icedove – security update

Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors, buffer overflows, use-after-frees and other implementation
errors may lead to the execution of arbitrary code or denial of service.