Debian Security RSS Feed
This RSS feed was imported from the following page: http://www.debian.org/security/dsa-long.en.rdf
DSA-2711 haproxy - several vulnerabilities
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy:
19 June 2013
DSA-2710 xml-security-c - several vulnerabilities
James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification. The Common Vulnerabilities and Exposures project identifies the following problems:
18 June 2013
DSA-2698 tiff - buffer overflow
Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion.
18 June 2013
DSA-2628 nss-pam-ldapd - buffer overflow
Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.
18 June 2013
DSA-2709 wireshark - several vulnerabilities
Multiple vulnerabilities were discovered in the dissectors for CAPWAP, GMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave file parser, which could result in denial of service or the execution of arbitrary code.
17 June 2013
DSA-2708 fail2ban - denial of service
Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring system which can act on attacks by preventing hosts from connecting to specified services using the local firewall.
16 June 2013
DSA-2707 dbus - denial of service
Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash.
13 June 2013
DSA-2706 chromium-browser - several vulnerabilities
Several vulnerabilities have been discovered in the Chromium web browser.
10 June 2013
DSA-2705 pymongo - denial of service
Jibbers McGee discovered that PyMongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability.
10 June 2013
DSA-2704 mesa - out of bounds access
It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets.
9 June 2013
DSA-2703 subversion - several vulnerabilities
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
9 June 2013
DSA-2702 telepathy-gabble - TLS verification bypass
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack.
3 June 2013
DSA-2700 wireshark - several vulnerabilities
Multiple vulnerabilities were discovered in the dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code.
2 June 2013
DSA-2699 iceweasel - several vulnerabilities
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting.
2 June 2013
DSA-2701 krb5 - denial of service
It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition.
29 May 2013
DSA-2697 gnutls26 - out-of-bounds array read
It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding.
29 May 2013
DSA-2696 otrs2 - privilege escalation
A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information.
29 May 2013
DSA-2695 chromium-browser - several issues
Several vulnerabilities have been discovered in the Chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.
29 May 2013
DSA-2694 spip - privilege escalation
A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website.
26 May 2013
DSA-2693 libx11 - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
24 May 2013
DSA-2675 libxvmc - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
24 May 2013
DSA-2692 libxxf86vm - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2691 libxinerama - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2690 libxxf86dga - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2689 libxtst - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2688 libxres - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2687 libfs - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2686 libxcb - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2685 libxp - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2684 libxrandr - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2683 libxi - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2682 libxext - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2681 libxcursor - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2680 libxt - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2679 xserver-xorg-video-openchrome - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2678 mesa - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2677 libxrender - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2676 libxfixes - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2674 libxv - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2673 libdmx - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
23 May 2013
DSA-2672 kfreebsd-9 - interpretation conflict
Adam Nowacki discovered that the new FreeBSD NFS implementation processes a crafted READDIR request which instructs to operate a file system on a file node as if it were a directory node, leading to a kernel crash or potentially arbitrary code execution.
22 May 2013
DSA-2671 request-tracker4 - several vulnerabilities
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:
22 May 2013
DSA-2670 request-tracker3.8 - several vulnerabilities
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:
22 May 2013