Page content
RSS feed Debian security
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.en.rdf
DSA-2101 wireshark - several vulnerabilities
Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code.
31 August 2010
DSA-2100 openssl - double free
George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code.
30 August 2010
DSA-2099 openoffice.org - buffer overflows
Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code.
30 August 2010
DSA-2098 typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. More details can be found in the TYPO3 security advisory.
29 August 2010
DSA-2097 phpmyadmin - insufficient input sanitising
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
29 August 2010
DSA-2096 zope-ldapuserfolder - missing input validation
Jeremy James discovered that in zope-ldapuserfolder, a Zope extension used to authenticate against an LDAP server, the authentication code does not verify the password provided for the emergency user. Malicious users that manage to get the emergency user login can use this flaw to gain administrative access to the Zope instance, by providing an arbitrary password.
24 August 2010
DSA-2095 lvm2 - insecure communication protocol
Alasdair Kergon discovered that the cluster logical volume manager daemon (clvmd) in lvm2, the Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service.
23 August 2010
DSA-2094 linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
19 August 2010
DSA-2093 ghostscript - several vulnerabilities
Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems:
19 August 2010
DSA-2091 squirrelmail - No user-specific token implemented
SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controlled by the offender.
12 August 2010
DSA-2090 socat - incorrect user-input validation
A stack overflow vulnerability was found in socat that allows an attacker to execute arbitrary code with the privileges of the socat process.
6 August 2010
DSA-2089 php5 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems:
6 August 2010
DSA-2088 wget - missing input sanitization
It was discovered that wget, a command line tool for downloading files from the WWW, uses server-provided file names when creating local files. This may lead to code execution in some scenarios.
5 August 2010
DSA-2087 cabextract - programming error
It was discovered that a programming error in the archive test mode of cabextract, a program to extract Microsoft Cabinet files, could lead to the execution of arbitrary code.
4 August 2010
DSA-2086 avahi - several vulnerabilities
Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD daemon. The Common Vulnerabilities and Exposures project identifies the following problems:
4 August 2010
DSA-2085 lftp - missing input validation
It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute arbitrary code (for instance if the attacker elects to write a dotfile in a home directory).
3 August 2010
DSA-2084 tiff - integer overflows
Kevin Finisterre discovered that several integer overflows in the TIFF library could lead to the execution of arbitrary code.
3 August 2010
DSA-2083 moin - missing input sanitization
It was discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize parameters when passing them to the add_msg function. This allows remote attackers to conduct cross-site scripting (XSS) attacks, for example via the template parameter.
2 August 2010
DSA-2082 gmime2.2 - buffer overflow
It was discovered that a buffer overflow in the MIME library GMime might lead to the execution of arbitrary code.
2 August 2010
DSA-2081 libmikmod - buffer overflow
Tomas Hoger discovered that the upstream fix for CVE-2009-3995 was insufficient. This update provides a corrected package.
1 August 2010
DSA-2080 ghostscript - several vulnerabilities
Several security issues have been discovered in Ghostscript, a GPL PostScript/PDF interpreter, which might lead to the execution of arbitrary code if a user processes a malformed PDF or PostScript file.
1 August 2010