Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.fr.rdf
DSA-1632 tiff - buffer underflow
Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.
26 August 2008
DSA-1631 libxml2 - denial of service
Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU and memory resources were exhausted.
22 August 2008
DSA-1630 linux-2.6 - denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:
21 August 2008
DSA-1629 postfix - programming error
Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root.
19 August 2008
DSA-1628 pdns - DNS response spoofing
Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing (CVE-2008-3337). This update changes PowerDNS to respond with SERVFAIL responses instead.
10 August 2008
DSA-1627 opensc - programming error
Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN.
4 August 2008
DSA-1626 httrack - buffer overflow
Joan Calvet discovered that httrack, a utility to create local copies of websites, is vulnerable to a buffer overflow that potentially allows the execution of arbitrary code when it is passed excessively long URLs.
1 August 2008
DSA-1625 cupsys - buffer overflows
Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). The Common Vulnerabilities and Exposures project identifies the following problems:
1 August 2008
DSA-1624 libxslt - buffer overflows
Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.
31 July 2008
DSA-1623 dnsmasq - DNS cache poisoning
Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
31 July 2008
DSA-1622 newsx - buffer overflow
It was discovered that newsx, an NNTP news exchange utility, was affected by a buffer overflow allowing remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
31 July 2008


