Version 40 (modified by alan, 6 years ago)

Security Updates

Parsix developers closely follow Debian Security Advisories and port them to our own security repository. We currently offer security support for both our stable and testing branches. The Parsix Continent repository is also fully supported by security updates.

Keeping Your System Secure

To keep your systems secure, make sure your /etc/apt/sources.list file contains the following entries, replacing codename with a release codename such as raul or vinnie.

deb http://security.parsix.org codename main contrib non-free
deb-src http://security.parsix.org codename main contrib non-free

Watch the update notifier regularly, or run the following command manually to update your systems:

# apt-get update && apt-get dist-upgrade
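
The entries above can be checked mechanically before relying on apt-get for security updates. The following is an added example, not part of the Parsix wiki or tooling: the function name check_security_sources is hypothetical, and it assumes an entry only counts when it is uncommented, points at http://security.parsix.org for the given codename, and includes the main component.

```shell
#!/bin/sh
# Added example: check that a sources.list carries both Parsix security entries.
# usage: check_security_sources FILE CODENAME   (hypothetical helper name)
# Prints the entry types that are missing; returns 0 only if none are missing.
check_security_sources() {
    file=$1 codename=$2
    awk -v want="$codename" '
        BEGIN { need["deb"] = 1; need["deb-src"] = 1 }
        {
            sub(/#.*/, "")                 # drop comments, including commented-out entries
            if (NF < 4) next               # type, URI, suite, at least one component
            type = $1; i = 2
            if ($i ~ /^\[/) {              # skip an optional [option=value ...] field
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i; suite = $(i + 1)
            sub(/\/$/, "", uri)            # tolerate a trailing slash on the URI
            if (uri != "http://security.parsix.org" || suite != want) next
            for (j = i + 2; j <= NF; j++)
                if ($j == "main") delete need[type]
        }
        END {
            missing = 0
            for (t in need) {
                print "missing: " t " http://security.parsix.org " want
                missing = 1
            }
            exit missing
        }
    ' "$file"
}

# Constructed sample: the deb-src entry is commented out, so it is reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://security.parsix.org raul main contrib non-free
# deb-src http://security.parsix.org raul main contrib non-free
EOF
check_security_sources "$sample" raul || echo "security entries incomplete"
rm -f "$sample"
```

On a real system the call would be check_security_sources /etc/apt/sources.list followed by the installed release codename.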

Recent Security Advisories

[Upload Date] DSA Ref.

[24 Apr 2012] DSA-2455 typo3-src - missing input sanitization
[23 Apr 2012] DSA-2454 openssl - multiple vulnerabilities
[23 Apr 2012] DSA-2453 gajim - several vulnerabilities
[23 Apr 2012] DSA-2452 apache2 - insecure default configuration
[23 Apr 2012] DSA-2451 puppet - several vulnerabilities
[23 Apr 2012] DSA-2450 samba - privilege escalation
[23 Apr 2012] DSA-2449 sqlalchemy - missing input sanitization
[23 Apr 2012] DSA-2448 inspircd - buffer overflow
[23 Apr 2012] DSA-2447 tiff - integer overflow
[23 Apr 2012] DSA-2446 libpng - incorrect memory handling
[02 Apr 2012] DSA-2445 typo3-src - several vulnerabilities
[02 Apr 2012] DSA-2442 openarena - UDP traffic amplification
[02 Apr 2012] DSA-2398 curl - several vulnerabilities
[31 Mar 2012] DSA-2433 iceweasel - several vulnerabilities
[29 Mar 2012] DSA-2444 tryton-server - privilege escalation
[29 Mar 2012] DSA-2441 gnutls26 - missing bounds check
[29 Mar 2012] DSA-2440 libtasn1-3 - missing bounds check
[29 Mar 2012] DSA-2439 libpng - buffer overflow
[29 Mar 2012] DSA-2438 raptor - programming error
[29 Mar 2012] DSA-2436 libapache2-mod-fcgid - inactive resource limits
[29 Mar 2012] DSA-2435 gnash - several vulnerabilities
[29 Mar 2012] DSA-2434 nginx - sensitive information leak
[14 Mar 2012] DSA-2432 libyaml-libyaml-perl - format string vulnerabilities
[14 Mar 2012] DSA-2431 libdbd-pg-perl - format string vulnerabilities
[14 Mar 2012] DSA-2430 python-pam - double free
[14 Mar 2012] DSA-2429 mysql-5.1 - several vulnerabilities
[14 Mar 2012] DSA-2428 freetype - several vulnerabilities
[14 Mar 2012] DSA-2427 imagemagick - several vulnerabilities
[14 Mar 2012] DSA-2426 gimp - several vulnerabilities
[04 Mar 2012] DSA-2425 plib - buffer overflow
[04 Mar 2012] DSA-2424 libxml-atom-perl - XML external entity expansion
[04 Mar 2012] DSA-2423 movabletype-opensource - several vulnerabilities
[29 Feb 2012] DSA-2422 file - missing bounds checks
[29 Feb 2012] DSA-2421 moodle - several vulnerabilities
[29 Feb 2012] DSA-2420 openjdk-6 - several vulnerabilities
[28 Feb 2012] DSA-2419 puppet - several vulnerabilities
[28 Feb 2012] DSA-2418 postgresql-8.4 - several vulnerabilities
[28 Feb 2012] DSA-2414 fex - insufficient input sanitization
[28 Feb 2012] DSA-2417 libxml2 - computational denial of service
[28 Feb 2012] DSA-2416 notmuch - information disclosure
[28 Feb 2012] DSA-2415 libmodplug - several vulnerabilities
[28 Feb 2012] DSA-2413 libarchive - buffer overflows
[28 Feb 2012] DSA-2412 libvorbis - buffer overflow
[28 Feb 2012] DSA-2411 mumble - information disclosure
[18 Feb 2012] DSA-2410 libpng - integer overflow
[18 Feb 2012] DSA-2409 devscripts - several vulnerabilities
[18 Feb 2012] DSA-2408 php5 - several vulnerabilities
[18 Feb 2012] DSA-2406 icedove - several vulnerabilities
[10 Feb 2012] DSA-2407 cvs - heap overflow
[10 Feb 2012] DSA-2405 apache2 - multiple issues
[10 Feb 2012] DSA-2403 php5 - code injection
[08 Feb 2012] DSA-2402 iceape - several vulnerabilities
[08 Feb 2012] DSA-2404 xen-qemu-dm-4.0 - buffer overflow
[07 Feb 2012] DSA-2400 iceweasel - several vulnerabilities
[02 Feb 2012] DSA-2401 tomcat6 - several vulnerabilities
[02 Jan 2012] DSA-2399 php5 - several vulnerabilities
[30 Jan 2012] DSA-2398 curl - several vulnerabilities
[30 Jan 2012] DSA-2397 icu - buffer underflow
[28 Jan 2012] DSA-2396 qemu-kvm - buffer underflow
[28 Jan 2012] DSA-2395 wireshark - buffer underflow
[28 Jan 2012] DSA-2394 libxml2 - several vulnerabilities
[28 Jan 2012] DSA-2393 bip - buffer overflow
[28 Jan 2012] DSA-2301 rails - several vulnerabilities
[23 Jan 2012] DSA-2392 openssl - out-of-bounds read
[22 Jan 2012] DSA-2391 phpmyadmin - several vulnerabilities
[19 Jan 2012] DSA-2390 openssl - several vulnerabilities
[19 Jan 2012] DSA-2388 t1lib - several vulnerabilities
[14 Jan 2012] DSA-2387 simplesamlphp - insufficient input sanitation
[14 Jan 2012] DSA-2386 openttd - several vulnerabilities
[14 Jan 2012] DSA-2385 pdns - packet loop
[14 Jan 2012] DSA-2384 cacti - several vulnerabilities
[14 Jan 2012] DSA-2383 super - buffer overflow
[08 Jan 2012] DSA-2382 ecryptfs-utils - multiple vulnerabilities
[08 Jan 2012] DSA-2381 squid3 - invalid memory deallocation
[08 Jan 2012] DSA-2380 foomatic-filters - shell command injection
[08 Jan 2012] DSA-2379 krb5 - several vulnerabilities
[08 Jan 2012] DSA-2378 ffmpeg - several vulnerabilities
[08 Jan 2012] DSA-2377 cyrus-imapd-2.2 - NULL pointer dereference
[08 Jan 2011] DSA-2376 ipmitool - insecure PID file
[08 Jan 2011] DSA-2375 krb5, krb5-appl - buffer overflow
[08 Jan 2011] DSA-2374 openswan - implementation error
[25 Dec 2011] DSA-2373 inetutils - buffer overflow
[25 Dec 2011] DSA-2372 heimdal - buffer overflow
[25 Dec 2011] DSA-2371 jasper - buffer overflows
[25 Dec 2011] DSA-2370 unbound - several vulnerabilities
[25 Dec 2011] DSA-2369 libsoup2.4 - insufficient input sanitization
[25 Dec 2011] DSA-2368 lighttpd - multiple vulnerabilities
[25 Dec 2011] DSA-2367 asterisk - several vulnerabilities
[18 Dec 2011] DSA-2366 mediawiki - multiple vulnerabilities
[18 Dec 2011] DSA-2365 dtc - several vulnerabilities
[18 Dec 2011] DSA-2364 xorg - incorrect permission check
[18 Dec 2011] DSA-2363 tor - buffer overflow
[18 Dec 2011] DSA-2362 acpid - several vulnerabilities
[18 Dec 2011] DSA-2361 chasen - buffer overflow
[18 Dec 2011] DSA-2359 mojarra - EL injection
[03 Dec 2011] DSA-2356 openjdk-6 - several vulnerabilities
[03 Dec 2011] DSA-2355 clearsilver - format string vulnerability
[03 Dec 2011] DSA-2354 cups - several vulnerabilities
[03 Dec 2011] DSA-2353 ldns - buffer overflow
[03 Dec 2011] DSA-2352 puppet - programming error
[03 Dec 2011] DSA-2351 wireshark - buffer overflow
[03 Dec 2011] DSA-2350 freetype - missing input sanitising
[03 Dec 2011] DSA-2348 systemtap - several vulnerabilities
[03 Dec 2011] DSA-2339 nss - several vulnerabilities
[19 Nov 2011] DSA-2342 iceape - several vulnerabilities
[19 Nov 2011] DSA-2341 iceweasel - several vulnerabilities
[19 Nov 2011] DSA-2345 icedove - several vulnerabilities
[18 Nov 2011] DSA-2349 spip - several vulnerabilities
[18 Nov 2011] DSA-2347 bind9 - improper assert
[18 Nov 2011] DSA-2346 proftpd-dfsg - several vulnerabilities
[15 Nov 2011] DSA-2344 python-django-piston - deserialization vulnerability
[15 Nov 2011] DSA-2343 openssl - CA trust revocation
[13 Nov 2011] DSA-2340 postgresql-8.3, postgresql-8.4, postgresql-9.0 - weak password hashing
[13 Nov 2011] DSA-2338 moodle - several vulnerabilities
[13 Nov 2011] DSA-2336 ffmpeg - several vulnerabilities
[13 Nov 2011] DSA-2337 xen - several vulnerabilities
[13 Nov 2011] DSA-2335 man2html - missing input sanitization
[05 Nov 2011] DSA-2334 mahara - several vulnerabilities
[05 Nov 2011] DSA-2333 phpldapadmin - several vulnerabilities
[05 Nov 2011] DSA-2332 python-django - several issues
[05 Nov 2011] DSA-2331 tor - several vulnerabilities
[05 Nov 2011] DSA-2330 simplesamlphp - XML encryption weakness
[05 Nov 2011] DSA-2329 torque - buffer overflow
[05 Nov 2011] DSA-2323 radvd - several vulnerabilities
[05 Nov 2011] DSA-2328 freetype - missing input sanitising
[05 Nov 2011] DSA-2327 libfcgi-perl - authentication bypass
[05 Nov 2011] DSA-2326 pam - several vulnerabilities
[22 Oct 2011] DSA-2324 wireshark - programming error
[22 Oct 2011] DSA-2322 bugzilla - several vulnerabilities
[22 Oct 2011] DSA-2321 moin - cross-site scripting
[08 Oct 2011] DSA-2318 cyrus-imapd-2.2 - multiple vulnerabilities
[08 Oct 2011] DSA-2317 icedove - several vulnerabilities
[05 Oct 2011] DSA-2316 quagga - several vulnerabilities
[05 Oct 2011] DSA-2315 openoffice.org - multiple vulnerabilities
[05 Oct 2011] DSA-2314 puppet - multiple vulnerabilities
[02 Oct 2011] DSA-2312 iceape - several vulnerabilities
[01 Oct 2011] DSA-2313 iceweasel - several vulnerabilities
[28 Sep 2011] DSA-2311 openjdk-6 - several vulnerabilities
[24 Sep 2011] DSA-2305 vsftpd - denial of service
[17 Sep 2011] DSA-2309 openssl - compromised certificate authority
[17 Sep 2011] DSA-2308 mantis - several vulnerabilities
[17 Sep 2011] DSA-2307 chromium-browser - several vulnerabilities
[17 Sep 2011] DSA-2306 ffmpeg - several vulnerabilities
[17 Sep 2011] DSA-2304 squid3 - buffer overflow
[10 Sep 2011] DSA-2302 bcfg2 - missing input sanitization
[10 Sep 2011] DSA-2301 rails - several vulnerabilities
[10 Sep 2011] DSA-2297 icedove - several vulnerabilities
[10 Sep 2011] DSA-2296 iceweasel - several vulnerabilities
[10 Sep 2011] DSA-2295 iceape - several vulnerabilities
[05 Sep 2011] DSA-2298 apache2 - denial of service
[31 Aug 2011] DSA-2300 nss - compromised certificate authority
[31 Aug 2011] DSA-2299 ca-certificates - compromised certificate authority
[31 Aug 2011] DSA-2294 freetype - missing input sanitizing
[14 Aug 2011] DSA-2293 libxfont - buffer overflow
[14 Aug 2011] DSA-2292 isc-dhcp - denial of service
[14 Aug 2011] DSA-2291 squirrelmail - various vulnerabilities
[14 Aug 2011] DSA-2290 samba - cross-site scripting
[14 Aug 2011] DSA-2289 typo3-src - several vulnerabilities
[03 Aug 2011] DSA-2288 libsndfile - integer overflow
[03 Aug 2011] DSA-2287 libpng - several vulnerabilities
[03 Aug 2011] DSA-2286 phpmyadmin - several vulnerabilities
[03 Aug 2011] DSA-2285 mapserver - several vulnerabilities
[03 Aug 2011] DSA-2284 opensaml2 - implementation error
[03 Aug 2011] DSA-2283 krb5-appl - programming error
[03 Aug 2011] DSA-2282 qemu-kvm - several vulnerabilities
[03 Aug 2011] DSA-2281 opie - several vulnerabilities
[03 Aug 2011] DSA-2280 libvirt - several vulnerabilities
[03 Aug 2011] DSA-2279 libapache2-mod-authnz-external - SQL injection
[10 Jul 2011] DSA-2277 xml-security-c - stack-based buffer overflow
[10 Jul 2011] DSA-2276 asterisk - multiple denial of service
[10 Jul 2011] DSA-2275 openoffice.org - stack-based buffer overflow
[10 Jul 2011] DSA-2274 wireshark - several vulnerabilities
[10 Jul 2011] DSA-2273 icedove - several vulnerabilities
[10 Jul 2011] DSA-2272 bind9 - denial of service
[10 Jul 2011] DSA-2269 iceape - several vulnerabilities
[09 Jul 2011] DSA-2268 iceweasel - several vulnerabilities
[04 Jul 2011] DSA-2271 curl - improper delegation of client credentials
[04 Jul 2011] DSA-2270 qemu-kvm - programming error
[04 Jul 2011] DSA-2267 perl - restriction bypass
[04 Jul 2011] DSA-2266 php5 - several vulnerabilities
[04 Jul 2011] DSA-2265 perl - lack of tainted flag propagation
[19 Jun 2011] DSA-2263 movabletype-opensource - several vulnerabilities
[19 Jun 2011] DSA-2262 moodle - several vulnerabilities
[19 Jun 2011] DSA-2261 redmine - several vulnerabilities
[19 Jun 2011] DSA-2260 rails - several vulnerabilities
[19 Jun 2011] DSA-2259 fex - authentication bypass
[19 Jun 2011] DSA-2258 kolab-cyrus-imapd - implementation error
[10 Jun 2011] DSA-2257 vlc - heap-based buffer overflow
[09 Jun 2011] DSA-2256 tiff - buffer overflow
[07 Jun 2011] DSA-2255 libxml2 - buffer overflow
[05 Jun 2011] DSA-2245 chromium-browser - several vulnerabilities
[05 Jun 2011] DSA-2251 subversion - several vulnerabilities
[04 Jun 2011] DSA-2254 oprofile - command injection
[04 Jun 2011] DSA-2252 dovecot - programming error
[04 Jun 2011] DSA-2247 rails - several vulnerabilities
[04 Jun 2011] DSA-2246 mahara - several vulnerabilities
[30 May 2011] DSA-2244 bind9 - incorrect boundary condition
[30 May 2011] DSA-2243 unbound - design flaw
[30 May 2011] DSA-2242 cyrus-imapd-2.2 - implementation error
[30 May 2011] DSA-2241 qemu-kvm - implementation error
[30 May 2011] DSA-2239 libmojolicious-perl - several vulnerabilities
[30 May 2011] DSA-2238 vino - several vulnerabilities
[30 May 2011] DSA-2237 apr - denial of service
[13 May 2011] DSA-2236 exim4 - command injection
[13 May 2011] DSA-2235 icedove - several vulnerabilities
[13 May 2011] DSA-2234 zodb - several vulnerabilities
[13 May 2011] DSA-2233 postfix - several vulnerabilities
[13 May 2011] DSA-2231 otrs2 - cross-site scripting
[13 May 2011] DSA-2230 qemu-kvm - several vulnerabilities
[13 May 2011] DSA-2229 spip - programming error
[13 May 2011] DSA-2226 libmodplug - buffer overflow
[08 May 2011] DSA-2228 iceweasel - several vulnerabilities
[08 May 2011] DSA-2227 iceape - several vulnerabilities
[30 Apr 2011] DSA-2225 asterisk - several vulnerabilities
[30 Apr 2011] DSA-2224 openjdk-6 - several vulnerabilities
[30 Apr 2011] DSA-2223 doctrine - SQL injection
[30 Apr 2011] DSA-2222 tinyproxy - incorrect ACL processing
[30 Apr 2011] DSA-2221 libmojolicious-perl - directory traversal
[30 Apr 2011] DSA-2220 request-tracker3.6, request-tracker3.8 - several vulnerabilities
[30 Apr 2011] DSA-2219 xmlsec1 - arbitrary file overwrite
[13 Apr 2011] DSA-2218 vlc - heap-based buffer overflow
[10 Apr 2011] DSA-2217 dhcp3 - missing input sanitization
[10 Apr 2011] DSA-2216 isc-dhcp - missing input sanitization
[10 Apr 2011] DSA-2215 gitolite - directory traversal
[10 Apr 2011] DSA-2214 ikiwiki - missing input validation
[10 Apr 2011] DSA-2213 x11-xserver-utils - missing input sanitization
[10 Apr 2011] DSA-2212 tmux - privilege escalation
[10 Apr 2011] DSA-2211 vlc - missing input sanitising
[05 Apr 2011] DSA-2210 tiff - several vulnerabilities
[05 Apr 2011] DSA-2209 tgt - double free
[30 Mar 2011] DSA-2203 nss - ssl certificate blacklist update
[30 Mar 2011] DSA-2208 bind9 - denial of service
[30 Mar 2011] DSA-2196 maradns - buffer overflow
[29 Mar 2011] DSA-2201 wireshark - several vulnerabilities
[29 Mar 2011] DSA-2205 gdm3 - privilege escalation
[29 Mar 2011] DSA-2198 tex-common - insufficient input sanitization
[29 Mar 2011] DSA-2197 quagga - denial of service
[29 Mar 2011] DSA-2195 php5 - several vulnerabilities
[29 Mar 2011] DSA-2194 libvirt - insufficient checks
[29 Mar 2011] DSA-2193 libcgroup - several vulnerabilities
[29 Mar 2011] DSA-2184 isc-dhcp - denial of service
[26 Mar 2011] DSA-2202 apache2 - failure to drop root privileges
[26 Mar 2011] DSA-2192 chromium-browser - several vulnerabilities
[26 Mar 2011] DSA-2181 subversion - denial of service
[25 Mar 2011] DSA-2200 iceweasel - ssl certificate blacklist update
[25 Mar 2011] DSA-2199 iceape - ssl certificate blacklist update
[13 Mar 2011] DSA-2188 webkit - several vulnerabilities
[12 Mar 2011] DSA-2185 proftpd-dfsg - integer overflow
[12 Mar 2011] DSA-2190 wordpress - several vulnerabilities
[10 Mar 2011] DSA-2189 chromium-browser - several vulnerabilities
[10 Mar 2011] DSA-2187 icedove - several vulnerabilities
[10 Mar 2011] DSA-2186 iceweasel - several vulnerabilities