Symeon Paraschoudis discovered that the curl_easy_duphandle() function
in cURL, a URL transfer library, has a bug that can lead to libcurl
eventually sending sensitive data that was never intended to be sent,
while performing an HTTP POST operation.
Category Archives: Debian
Debian Security Advisories
DSA-3070 kfreebsd-9 – security update
Several vulnerabilities have been discovered in the FreeBSD kernel that
may lead to a denial of service or information disclosure.
DSA-3065 libxml-security-java – security update
James Forshaw discovered that, in Apache Santuario XML Security for
Java, CanonicalizationMethod parameters were incorrectly validated:
by specifying an arbitrary weak canonicalization algorithm, an
attacker could spoof XML signatures.
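The defensive check a verifier wants at this boundary is an explicit allowlist of the canonicalization and transform algorithm URIs it will honour, applied before any signature value is examined. The following is an added example written for this page, not Debian's, Apache Santuario's or the advisory's own code and not the upstream patch: it parses a constructed enveloped-signature document with the standard library and rejects any ds:CanonicalizationMethod or ds:Transform whose Algorithm attribute is not on the list. The allowlist contents (Canonical XML 1.0/1.1, Exclusive C14N and the enveloped-signature transform) are an assumption about what a given deployment needs; the XSLT transform URI used for the rejected case is the standard W3C identifier.

```python
"""Added example: allowlist check for XML Signature algorithm URIs.

Not Santuario's code. The sample document is constructed for illustration;
the DigestValue/SignatureValue contents are placeholders because only the
algorithm selection is being checked here."""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Assumption: this deployment only needs these canonicalization methods.
ALLOWED_C14N = {
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}
# Transforms may additionally strip the enveloped signature; XSLT, XPath
# and anything else unknown are rejected.
ALLOWED_TRANSFORMS = ALLOWED_C14N | {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
}


class UnsafeSignature(Exception):
    """Raised when ds:SignedInfo names an algorithm outside the allowlist."""


def check_signature_algorithms(xml_text):
    """Return the algorithm URIs found in every ds:SignedInfo, in document
    order, or raise UnsafeSignature on the first one not allowlisted."""
    root = ET.fromstring(xml_text)
    signed_infos = root.findall(".//{%s}SignedInfo" % DS)
    if not signed_infos:
        raise UnsafeSignature("no ds:SignedInfo element")
    found = []
    for si in signed_infos:
        c14n = si.find("{%s}CanonicalizationMethod" % DS)
        if c14n is None or "Algorithm" not in c14n.attrib:
            raise UnsafeSignature("missing CanonicalizationMethod/@Algorithm")
        alg = c14n.attrib["Algorithm"]
        found.append(alg)
        if alg not in ALLOWED_C14N:
            raise UnsafeSignature("canonicalization not allowed: %s" % alg)
        for transform in si.iter("{%s}Transform" % DS):
            alg = transform.attrib.get("Algorithm", "")
            found.append(alg)
            if alg not in ALLOWED_TRANSFORMS:
                raise UnsafeSignature("transform not allowed: %s" % alg)
    return found


def is_acceptable(xml_text):
    """Boolean wrapper: True only if every algorithm is allowlisted."""
    try:
        check_signature_algorithms(xml_text)
        return True
    except UnsafeSignature:
        return False


# Constructed sample: a well-formed enveloped signature over <Payload>.
SAMPLE_OK = """<Doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Payload id="p1">approve transfer</Payload>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#p1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>placeholder</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>placeholder</ds:SignatureValue>
  </ds:Signature>
</Doc>
"""

XSLT = "http://www.w3.org/TR/1999/REC-xslt-19991116"
# Attacker-chosen canonicalization: same document, different algorithm URI.
SAMPLE_BAD_C14N = SAMPLE_OK.replace("http://www.w3.org/2001/10/xml-exc-c14n#", XSLT)
# Attacker-chosen transform instead.
SAMPLE_BAD_TRANSFORM = SAMPLE_OK.replace(
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature", XSLT)

if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("bad c14n", SAMPLE_BAD_C14N),
                      ("bad transform", SAMPLE_BAD_TRANSFORM)):
        print(name, "accepted" if is_acceptable(doc) else "rejected")
```

Run this check on the raw signature element before the verifier canonicalizes anything; once a library has been told to instantiate an attacker-named algorithm, it is already too late to reason about what the signature covers.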
DSA-3066 qemu – security update
Several vulnerabilities were discovered in qemu, a fast processor
emulator.
DSA-3067 qemu-kvm – security update
Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.
DSA-3064 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. It has been
decided to follow the stable 5.4.x releases for the Wheezy PHP packages.
Consequently the vulnerabilities are addressed by upgrading PHP to a new
upstream version 5.4.34, which includes additional bug fixes, new
features and possibly incompatible changes. Please refer to the upstream
changelog for more information:
DSA-3063 quassel – security update
An out-of-bounds read vulnerability was discovered in Quassel-core, one
of the components of the distributed IRC client Quassel. An attacker can
send a crafted message that crashes the component, causing a denial of
service or disclosure of information from process memory.
DSA-3062 wget – security update
HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line
utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability
allows a malicious FTP server to create arbitrary files on the user’s
system when Wget runs in recursive mode against it. Arbitrary file
creation may overwrite the user’s files or permit remote code execution
with the user’s privileges.
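The attack works because a recursive mirror reproduces a symlink from the server's listing locally and then writes later files through it. The example below is added for this page and is not Wget's code or its fix: it stands in for the listing step by creating the hostile symlink directly inside a temporary download root, shows a naive writer following it out of the root, and then a writer that resolves the destination's real path, requires it to stay under the root, and opens the final component with O_NOFOLLOW. All paths and file names are constructed for the demonstration.

```python
"""Added example (not Wget's own code): containing mirror writes to a root.

Scenario constructed here: root = download directory, outside = a directory
the attacker wants to write into, root/cache -> outside is the symlink a
malicious FTP listing induced, and 'cache/.bashrc' is the file the server
then offers."""
import os
import shutil
import tempfile

# O_NOFOLLOW is POSIX-only; on platforms without it the realpath check
# below still applies, but the final open could follow a link.
O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


class EscapeAttempt(Exception):
    """Raised when a destination would land outside the download root."""


def naive_write(root, relpath, data):
    """The 'before': trusts the server-supplied path and follows symlinks."""
    dest = os.path.join(root, relpath)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as f:
        f.write(data)
    return os.path.realpath(dest)


def safe_write(root, relpath, data):
    """Write only if the resolved parent directory is inside root and the
    final path component is not itself a symlink."""
    root_real = os.path.realpath(root)
    parts = os.path.normpath(relpath).split(os.sep)
    if os.path.isabs(relpath) or os.pardir in parts:
        raise EscapeAttempt("absolute or parent-relative path: %r" % relpath)
    dest = os.path.join(root_real, relpath)
    # realpath resolves every symlink in the directory part, including a
    # 'cache -> /somewhere/else' created from the listing.
    parent_real = os.path.realpath(os.path.dirname(dest))
    if os.path.commonpath([root_real, parent_real]) != root_real:
        raise EscapeAttempt("%r resolves to %s, outside %s"
                            % (relpath, parent_real, root_real))
    os.makedirs(parent_real, exist_ok=True)
    final = os.path.join(parent_real, os.path.basename(dest))
    # O_EXCL: never clobber an existing file; O_NOFOLLOW: the leaf must not
    # be a symlink either.
    fd = os.open(final, os.O_WRONLY | os.O_CREAT | os.O_EXCL | O_NOFOLLOW, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return final


def demo():
    """Build the scenario in a temp dir and report what each writer did."""
    base = tempfile.mkdtemp()
    try:
        root = os.path.join(base, "mirror")
        outside = os.path.join(base, "victim_home")
        os.makedirs(root)
        os.makedirs(outside)
        # What a malicious listing makes the mirror create locally.
        os.symlink(outside, os.path.join(root, "cache"))

        naive_path = naive_write(root, "cache/.bashrc", b"echo pwned\n")
        try:
            safe_write(root, "cache/.bashrc", b"echo pwned\n")
            blocked = False
        except EscapeAttempt:
            blocked = True
        try:
            safe_write(root, "../escape", b"x")
            dotdot_blocked = False
        except EscapeAttempt:
            dotdot_blocked = True
        ok_path = safe_write(root, "docs/index.html", b"<html/>")
        return {
            "naive_escaped": os.path.dirname(naive_path) == os.path.realpath(outside),
            "safe_blocked": blocked,
            "dotdot_blocked": dotdot_blocked,
            "safe_ok_inside": os.path.commonpath(
                [os.path.realpath(root), os.path.realpath(ok_path)])
                == os.path.realpath(root),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

The realpath check and the open are two separate steps, so a local attacker who can swap a directory for a symlink in between could still win a race; for a single-user download tool that is acceptable, while a daemon writing on behalf of others should open the parent directory first and use openat-style relative opens.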
DSA-3060 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service:
DSA-3061 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors, buffer overflows, use-after-frees and other implementation
errors may lead to the execution of arbitrary code or denial of service.