Version 21 (modified by alan, 6 years ago)

Security Updates

Parsix developers closely follow Debian Security Advisories and port them to our own security repository. Right now we offer security support for both our stable and testing branches. The Parsix Continent repository is also fully covered by security updates.

Keeping Your System Secure

To keep your systems secure, make sure you have the following entries in your /etc/apt/sources.list file. Make sure to replace codename with a release codename such as raul or vinnie.

deb http://security.parsix.org codename main contrib non-free
deb-src http://security.parsix.org codename main contrib non-free

Keep an eye on the update notifier, or run the following command manually to update your systems:

# apt-get update && apt-get dist-upgrade
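
To confirm that both security entries described above are active for a given release codename, a check like the following can be run against sources.list. This is an added example, not part of the original page or Parsix's own tooling; the function name check_security_sources is hypothetical, and the sample file it builds is constructed.

```shell
#!/bin/sh
# Added example, not Parsix project code. check_security_sources is a
# hypothetical helper name.
# Usage: check_security_sources <codename> [path to sources.list]
# Returns 0 only if active deb and deb-src security entries both exist.
check_security_sources() {
    codename=$1
    file=${2:-/etc/apt/sources.list}
    missing=0
    for kind in deb deb-src; do
        if ! awk -v t="$kind" -v c="$codename" '
            {
                sub(/#.*/, "")              # commented-out entries do not count
                if ($1 != t) next
                i = 2
                if ($i ~ /^\[/) {           # skip an optional [ option=value ] block
                    while (i <= NF && $i !~ /\]$/) i++
                    i++
                }
                uri = $i
                sub(/\/+$/, "", uri)        # tolerate a trailing slash
                if (uri != "http://security.parsix.org" || $(i + 1) != c) next
                m = 0; k = 0; f = 0
                for (j = i + 2; j <= NF; j++) {
                    if ($j == "main") m = 1
                    if ($j == "contrib") k = 1
                    if ($j == "non-free") f = 1
                }
                if (m && k && f) found = 1
            }
            END { exit (found ? 0 : 1) }
        ' "$file"; then
            echo "missing: $kind http://security.parsix.org $codename main contrib non-free" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: the deb-src line is commented out, so the check fails.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://security.parsix.org/ raul main contrib non-free
# deb-src http://security.parsix.org raul main contrib non-free
EOF
check_security_sources raul "$sample" || echo "security entries incomplete"
rm -f "$sample"
```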

Recent Security Advisories

[Upload Date] DSA Ref.

[10 Sep 2011] DSA-2302 bcfg2 - missing input sanitization
[10 Sep 2011] DSA-2301 rails - several vulnerabilities
[10 Sep 2011] DSA-2297 icedove - several vulnerabilities
[10 Sep 2011] DSA-2296 iceweasel - several vulnerabilities
[10 Sep 2011] DSA-2295 iceape - several vulnerabilities
[05 Sep 2011] DSA-2298 apache2 - denial of service
[31 Aug 2011] DSA-2300 nss - compromised certificate authority
[31 Aug 2011] DSA-2299 ca-certificates - compromised certificate authority
[31 Aug 2011] DSA-2294 freetype - missing input sanitizing
[14 Aug 2011] DSA-2293 libxfont - buffer overflow
[14 Aug 2011] DSA-2292 isc-dhcp - denial of service
[14 Aug 2011] DSA-2291 squirrelmail - various vulnerabilities
[14 Aug 2011] DSA-2290 samba - cross-site scripting
[14 Aug 2011] DSA-2289 typo3-src - several vulnerabilities
[03 Aug 2011] DSA-2288 libsndfile - integer overflow
[03 Aug 2011] DSA-2287 libpng - several vulnerabilities
[03 Aug 2011] DSA-2286 phpmyadmin - several vulnerabilities
[03 Aug 2011] DSA-2285 mapserver - several vulnerabilities
[03 Aug 2011] DSA-2284 opensaml2 - implementation error
[03 Aug 2011] DSA-2283 krb5-appl - programming error
[03 Aug 2011] DSA-2282 qemu-kvm - several vulnerabilities
[03 Aug 2011] DSA-2281 opie - several vulnerabilities
[03 Aug 2011] DSA-2280 libvirt - several vulnerabilities
[03 Aug 2011] DSA-2279 libapache2-mod-authnz-external - SQL injection
[10 Jul 2011] DSA-2277 xml-security-c - stack-based buffer overflow
[10 Jul 2011] DSA-2276 asterisk - multiple denial of service
[10 Jul 2011] DSA-2275 openoffice.org - stack-based buffer overflow
[10 Jul 2011] DSA-2274 wireshark - several vulnerabilities
[10 Jul 2011] DSA-2273 icedove - several vulnerabilities
[10 Jul 2011] DSA-2272 bind9 - denial of service
[10 Jul 2011] DSA-2269 iceape - several vulnerabilities
[09 Jul 2011] DSA-2268 iceweasel - several vulnerabilities
[04 Jul 2011] DSA-2271 curl - improper delegation of client credentials
[04 Jul 2011] DSA-2270 qemu-kvm - programming error
[04 Jul 2011] DSA-2267 perl - restriction bypass
[04 Jul 2011] DSA-2266 php5 - several vulnerabilities
[04 Jul 2011] DSA-2265 perl - lack of tainted flag propagation
[19 Jun 2011] DSA-2263 movabletype-opensource - several vulnerabilities
[19 Jun 2011] DSA-2262 moodle - several vulnerabilities
[19 Jun 2011] DSA-2261 redmine - several vulnerabilities
[19 Jun 2011] DSA-2260 rails - several vulnerabilities
[19 Jun 2011] DSA-2259 fex - authentication bypass
[19 Jun 2011] DSA-2258 kolab-cyrus-imapd - implementation error
[10 Jun 2011] DSA-2257 vlc - heap-based buffer overflow
[09 Jun 2011] DSA-2256 tiff - buffer overflow
[07 Jun 2011] DSA-2255 libxml2 - buffer overflow
[05 Jun 2011] DSA-2245 chromium-browser - several vulnerabilities
[05 Jun 2011] DSA-2251 subversion - several vulnerabilities
[04 Jun 2011] DSA-2254 oprofile - command injection
[04 Jun 2011] DSA-2252 dovecot - programming error
[04 Jun 2011] DSA-2247 rails - several vulnerabilities
[04 Jun 2011] DSA-2246 mahara - several vulnerabilities
[30 May 2011] DSA-2244 bind9 - incorrect boundary condition
[30 May 2011] DSA-2243 unbound - design flaw
[30 May 2011] DSA-2242 cyrus-imapd-2.2 - implementation error
[30 May 2011] DSA-2241 qemu-kvm - implementation error
[30 May 2011] DSA-2239 libmojolicious-perl - several vulnerabilities
[30 May 2011] DSA-2238 vino - several vulnerabilities
[30 May 2011] DSA-2237 apr - denial of service
[13 May 2011] DSA-2236 exim4 - command injection
[13 May 2011] DSA-2235 icedove - several vulnerabilities
[13 May 2011] DSA-2234 zodb - several vulnerabilities
[13 May 2011] DSA-2233 postfix - several vulnerabilities
[13 May 2011] DSA-2231 otrs2 - cross-site scripting
[13 May 2011] DSA-2230 qemu-kvm - several vulnerabilities
[13 May 2011] DSA-2229 spip - programming error
[13 May 2011] DSA-2226 libmodplug - buffer overflow
[08 May 2011] DSA-2228 iceweasel - several vulnerabilities
[08 May 2011] DSA-2227 iceape - several vulnerabilities
[30 Apr 2011] DSA-2225 asterisk - several vulnerabilities
[30 Apr 2011] DSA-2224 openjdk-6 - several vulnerabilities
[30 Apr 2011] DSA-2223 doctrine - SQL injection
[30 Apr 2011] DSA-2222 tinyproxy - incorrect ACL processing
[30 Apr 2011] DSA-2221 libmojolicious-perl - directory traversal
[30 Apr 2011] DSA-2220 request-tracker3.6, request-tracker3.8 - several vulnerabilities
[30 Apr 2011] DSA-2219 xmlsec1 - arbitrary file overwrite
[13 Apr 2011] DSA-2218 vlc - heap-based buffer overflow
[10 Apr 2011] DSA-2217 dhcp3 - missing input sanitization
[10 Apr 2011] DSA-2216 isc-dhcp - missing input sanitization
[10 Apr 2011] DSA-2215 gitolite - directory traversal
[10 Apr 2011] DSA-2214 ikiwiki - missing input validation
[10 Apr 2011] DSA-2213 x11-xserver-utils - missing input sanitization
[10 Apr 2011] DSA-2212 tmux - privilege escalation
[10 Apr 2011] DSA-2211 vlc - missing input sanitising
[05 Apr 2011] DSA-2210 tiff - several vulnerabilities
[05 Apr 2011] DSA-2209 tgt - double free
[30 Mar 2011] DSA-2203 nss - ssl certificate blacklist update
[30 Mar 2011] DSA-2208 bind9 - denial of service
[30 Mar 2011] DSA-2196 maradns - buffer overflow
[29 Mar 2011] DSA-2201 wireshark - several vulnerabilities
[29 Mar 2011] DSA-2205 gdm3 - privilege escalation
[29 Mar 2011] DSA-2198 tex-common - insufficient input sanitization
[29 Mar 2011] DSA-2197 quagga - denial of service
[29 Mar 2011] DSA-2195 php5 - several vulnerabilities
[29 Mar 2011] DSA-2194 libvirt - insufficient checks
[29 Mar 2011] DSA-2193 libcgroup - several vulnerabilities
[29 Mar 2011] DSA-2184 isc-dhcp - denial of service
[26 Mar 2011] DSA-2202 apache2 - failure to drop root privileges
[26 Mar 2011] DSA-2192 chromium-browser - several vulnerabilities
[26 Mar 2011] DSA-2181 subversion - denial of service
[25 Mar 2011] DSA-2200 iceweasel - ssl certificate blacklist update
[25 Mar 2011] DSA-2199 iceape - ssl certificate blacklist update
[13 Mar 2011] DSA-2188 webkit - several vulnerabilities
[12 Mar 2011] DSA-2185 proftpd-dfsg - integer overflow
[12 Mar 2011] DSA-2190 wordpress - several vulnerabilities
[10 Mar 2011] DSA-2189 chromium-browser - several vulnerabilities
[10 Mar 2011] DSA-2187 icedove - several vulnerabilities
[10 Mar 2011] DSA-2186 iceweasel - several vulnerabilities