RSS feed Debian security
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.en.rdf

DSA-1824 phpmyadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
25th of June 2009
read more about DSA-1824 phpmyadmin - several vulnerabilities

DSA-1823 samba - several vulnerabilities
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems:
25th of June 2009
read more about DSA-1823 samba - several vulnerabilities

DSA-1822 mahara - insufficient input sanitization
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potentially sensitive data from other users.
23rd of June 2009
read more about DSA-1822 mahara - insufficient input sanitization

DSA-1821 amule - insufficient input sanitising
Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename when using the preview function. This could lead to the injection of arbitrary commands passed to the video player.
22nd of June 2009
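The flaw class behind this advisory is easy to reproduce. The following is an added example written for this page, not aMule's code: it contrasts building a shell command line from a network-supplied filename (the unsafe pattern) with handing the name to the player as its own argv element through execvp(), so no shell ever parses it. The player path and filenames are constructed for the example.

```c
/* Added example (editor's own code, not aMule's): the DSA-1821 pattern.
 * The preview feature passes a filename received from the network to an
 * external video player. Splicing it into one shell command line lets shell
 * metacharacters in the name become extra commands; passing it as a single
 * argv element through execvp() never involves /bin/sh at all. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Unsafe: the filename is spliced into a shell command. A name such as
 * "clip.avi; rm -rf ~" is two commands once /bin/sh parses it. Returns the
 * command line that system() would have run; it is not executed here. */
int build_preview_command(const char *player, const char *filename,
                          char *cmd, size_t cmdsz)
{
    int n = snprintf(cmd, cmdsz, "%s %s", player, filename);
    return (n < 0 || (size_t)n >= cmdsz) ? -1 : 0;
}

/* Safe: fork + execvp with a fixed argv. Whatever the filename contains, it
 * arrives at the player as exactly one argument. Returns the child's exit
 * status, or -1 if the player could not be started. */
int run_preview(const char *player, const char *filename)
{
    char local[4096];
    const char *arg = filename;

    /* A name starting with '-' would be read by the player as an option;
     * anchoring it to "./" keeps it a path. */
    if (filename[0] == '-') {
        if (snprintf(local, sizeof local, "./%s", filename) >= (int)sizeof local)
            return -1;
        arg = local;
    }

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)player, (char *)arg, NULL };
        execvp(player, argv);
        _exit(127);                       /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    return code == 127 ? -1 : code;
}

int main(void)
{
    /* Constructed hostile filename: harmless as an argv element, two
     * commands if it ever reaches a shell. */
    const char *name = "clip.avi; rm -rf ~";
    char cmd[128];
    build_preview_command("mplayer", name, cmd, sizeof cmd);
    printf("shell would run: %s\n", cmd);
    /* /bin/true stands in for the player so the demo is side-effect free. */
    printf("execvp exit status: %d\n", run_preview("/bin/true", name));
    return 0;
}
```

The same rule applies to any external helper launched with user-controlled data: prefer an exec-family call with a fixed argv over system() or popen(), and guard against arguments that look like options.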
read more about DSA-1821 amule - insufficient input sanitising

DSA-1820 xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
18th of June 2009
read more about DSA-1820 xulrunner - several vulnerabilities

DSA-1819 vlc - several vulnerabilities
Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems:
18th of June 2009
read more about DSA-1819 vlc - several vulnerabilities

DSA-1818 gforge - insufficient input sanitising
Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks.
18th of June 2009
read more about DSA-1818 gforge - insufficient input sanitising

DSA-1817 ctorrent - stack-based buffer overflow
Michael Brooks discovered that ctorrent, a text-mode bittorrent client, does not verify the length of file paths in torrent files. An attacker can exploit this via a crafted torrent that contains a long file path to execute arbitrary code with the rights of the user opening the file.
17th of June 2009
read more about DSA-1817 ctorrent - stack-based buffer overflow

DSA-1816 apache2 - insufficient security check
It was discovered that the Apache web server did not properly handle the "Options=" parameter to the AllowOverride directive:
16th of June 2009
read more about DSA-1816 apache2 - insufficient security check

DSA-1815 libtorrent-rasterbar - programming error
It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.
14th of June 2009
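DSA-1817 (ctorrent) and DSA-1815 (libtorrent-rasterbar) are two failures of the same input: the "path" list a torrent file supplies for each download. One client never bounded its length before copying it into a fixed buffer; the other never rejected components that escape the download directory. The following is an added example written for this page, not code from either project: a minimal bencode string parser (written for the example) feeds a join routine that applies both checks, next to the unchecked concatenation pattern for contrast. The sample torrent paths are constructed.

```c
/* Added example (editor's own code, not ctorrent's or libtorrent-rasterbar's).
 * A torrent "path" list is a bencoded list of byte strings, one per
 * directory component, e.g. l4:dir13:foo5:a.txte  ->  dir1/foo/a.txt.
 * Before it is joined and used on disk two independent checks are needed:
 * a bound on the total length (DSA-1817, fixed destination buffer) and a
 * rejection of components that can leave the download root (DSA-1815). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PATH_OK = 0, PATH_BAD_ENCODING = -1, PATH_TRAVERSAL = -2, PATH_TOO_LONG = -3 };

/* Parse one bencoded byte string ("<len>:<bytes>") starting at *p. On
 * success point *str/*len at the payload and advance *p past it. */
static int parse_bstring(const char **p, const char *end,
                         const char **str, size_t *len)
{
    const char *q = *p;
    size_t n = 0;
    if (q >= end || *q < '0' || *q > '9') return -1;
    while (q < end && *q >= '0' && *q <= '9') {
        if (n > (SIZE_MAX - 9) / 10) return -1;       /* length would overflow */
        n = n * 10 + (size_t)(*q - '0');
        q++;
    }
    if (q >= end || *q != ':') return -1;
    q++;
    if ((size_t)(end - q) < n) return -1;             /* payload truncated */
    *str = q;
    *len = n;
    *p = q + n;
    return 0;
}

/* A component that is empty, "." or "..", or carries a separator or NUL
 * could place the file outside the download directory (the DSA-1815 case). */
static int component_is_safe(const char *s, size_t len)
{
    if (len == 0) return 0;
    if (len == 1 && s[0] == '.') return 0;
    if (len == 2 && s[0] == '.' && s[1] == '.') return 0;
    for (size_t i = 0; i < len; i++)
        if (s[i] == '/' || s[i] == '\\' || s[i] == '\0') return 0;
    return 1;
}

/* Pattern behind DSA-1817 (simplified, not ctorrent's code): components are
 * concatenated into a fixed-size buffer with no bound on their length, so an
 * overlong path runs off the end. Shown for contrast only; never called. */
void join_unchecked(const char *const *comp, int n, char dst[64])
{
    dst[0] = '\0';
    for (int i = 0; i < n; i++) {
        if (i) strcat(dst, "/");
        strcat(dst, comp[i]);                          /* no length check */
    }
}

/* Hardened join: turns the bencoded list in buf[0..buflen) into "a/b/c" in
 * out. Every write is checked against outsz first, so an overlong path fails
 * with PATH_TOO_LONG instead of overflowing, and a traversal component fails
 * with PATH_TRAVERSAL before anything touches the disk. */
int join_torrent_path(const char *buf, size_t buflen, char *out, size_t outsz)
{
    const char *p = buf, *end = buf + buflen;
    size_t used = 0;
    int ncomp = 0;

    if (outsz == 0 || p >= end || *p != 'l') return PATH_BAD_ENCODING;
    p++;
    while (p < end && *p != 'e') {
        const char *s;
        size_t len;
        if (parse_bstring(&p, end, &s, &len) != 0) return PATH_BAD_ENCODING;
        if (!component_is_safe(s, len)) return PATH_TRAVERSAL;
        /* separator (if not the first component) + component + NUL */
        size_t need = (ncomp ? 1 : 0) + len + 1;
        if (need > outsz - used) return PATH_TOO_LONG;
        if (ncomp) out[used++] = '/';
        memcpy(out + used, s, len);
        used += len;
        out[used] = '\0';
        ncomp++;
    }
    if (p >= end || ncomp == 0) return PATH_BAD_ENCODING;  /* unterminated or empty */
    return PATH_OK;
}

int main(void)
{
    /* Constructed inputs: a normal path list and a traversal attempt. */
    const char good[] = "l4:dir13:foo5:a.txte";
    const char evil[] = "l2:..6:passwde";
    char out[32];
    printf("good:        %d %s\n", join_torrent_path(good, sizeof good - 1, out, sizeof out), out);
    printf("traversal:   %d\n", join_torrent_path(evil, sizeof evil - 1, out, sizeof out));
    printf("tiny buffer: %d\n", join_torrent_path(good, sizeof good - 1, out, 8));
    return 0;
}
```

The length check is done per component as the path is built rather than once on the total, so the routine never depends on the attacker-supplied length fields being honest: a declared length larger than the remaining input is rejected by the parser, and a sum of honest lengths that exceeds the buffer is rejected before the copy.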
read more about DSA-1815 libtorrent-rasterbar - programming error

DSA-1814 libsndfile - heap-based buffer overflow
Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data. The Common Vulnerabilities and Exposures project identified the following problems:
13th of June 2009
read more about DSA-1814 libsndfile - heap-based buffer overflow

DSA-1813 evolution-data-server - Several vulnerabilities
Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems:
8th of June 2009
read more about DSA-1813 evolution-data-server - Several vulnerabilities

DSA-1812 apr-util - denial of service
Apr-util, the Apache Portable Runtime Utility library, is used by Apache 2.x, Subversion, and other applications. Two denial of service vulnerabilities have been found in apr-util:
4th of June 2009
read more about DSA-1812 apr-util - denial of service

DSA-1811 cups, cupsys - null ptr dereference
Anibal Sacco discovered that cups, a general printing system for UNIX systems, suffers from a null pointer dereference because of its handling of two consecutive IPP packets with certain tag attributes that are treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers to perform denial of service attacks by crashing the cups daemon.
2nd of June 2009
read more about DSA-1811 cups, cupsys - null ptr dereference

DSA-1810 libapache-mod-jk - information disclosure
An information disclosure flaw was found in mod_jk, the Tomcat Connector module for Apache. If a buggy client included the "Content-Length" header without providing request body data, or if a client sent repeated requests very quickly, one client could obtain a response intended for another client.
2nd of June 2009
read more about DSA-1810 libapache-mod-jk - information disclosure

DSA-1808 drupal6 - insufficient input sanitising
Markus Petrux discovered a cross-site scripting vulnerability in the taxonomy module of drupal6, a fully-featured content management framework. It is also possible that certain browsers using the UTF-7 encoding are vulnerable to a different cross-site scripting vulnerability.
1st of June 2009
read more about DSA-1808 drupal6 - insufficient input sanitising

DSA-1807 cyrus-sasl2, cyrus-sasl2-heimdal - buffer overflow
James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated, which can lead to denial of service or arbitrary code execution.
1st of June 2009
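The failure mode here is an encoder that reports success while leaving the result unterminated, so that the library's own later strlen()-style handling reads past the buffer. The following is an added example written for this page, not the cyrus-sasl2 source: a small base64 encoder in two variants, one that only writes the terminating NUL "if it fits" (the pattern the advisory describes, simplified) and one that counts the terminator as part of the required output size. The function names and the ENC_* return codes are this example's own, not the library's.

```c
/* Added example (editor's own code, not cyrus-sasl2's): the DSA-1807
 * pattern. Three input bytes encode to exactly four characters; when the
 * caller's buffer is exactly that big, an encoder that treats the NUL as
 * optional returns success and hands back a buffer that is not a C string.
 * Anything that later does strlen()/strcpy()/printf("%s") on it overreads. */
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

enum { ENC_OK = 0, ENC_BUFOVER = -1 };

/* Encoding core shared by both variants: writes the base64 of in[0..inlen)
 * to out, which the caller has already verified is large enough. Returns the
 * number of characters written; writes no NUL. */
static size_t b64_core(const unsigned char *in, size_t inlen, char *out)
{
    size_t o = 0;
    while (inlen >= 3) {
        out[o++] = B64[in[0] >> 2];
        out[o++] = B64[((in[0] & 3) << 4) | (in[1] >> 4)];
        out[o++] = B64[((in[1] & 15) << 2) | (in[2] >> 6)];
        out[o++] = B64[in[2] & 63];
        in += 3;
        inlen -= 3;
    }
    if (inlen) {
        out[o++] = B64[in[0] >> 2];
        if (inlen == 1) {
            out[o++] = B64[(in[0] & 3) << 4];
            out[o++] = '=';
        } else {
            out[o++] = B64[((in[0] & 3) << 4) | (in[1] >> 4)];
            out[o++] = B64[(in[1] & 15) << 2];
        }
        out[o++] = '=';
    }
    return o;
}

/* Flawed variant (simplified DSA-1807 pattern): the size check covers only
 * the encoded characters and the NUL is written only when there is spare
 * room. With outmax == encoded length the call succeeds unterminated. */
int encode64_flawed(const unsigned char *in, size_t inlen,
                    char *out, size_t outmax, size_t *outlen)
{
    size_t olen = (inlen + 2) / 3 * 4;
    if (olen > outmax) return ENC_BUFOVER;
    b64_core(in, inlen, out);
    if (olen < outmax) out[olen] = '\0';   /* silently skipped when olen == outmax */
    if (outlen) *outlen = olen;
    return ENC_OK;
}

/* Fixed variant: the terminator is part of the required size, so a buffer
 * that cannot hold it is rejected instead of returning an unterminated result. */
int encode64_fixed(const unsigned char *in, size_t inlen,
                   char *out, size_t outmax, size_t *outlen)
{
    size_t olen = (inlen + 2) / 3 * 4;
    if (olen + 1 > outmax) return ENC_BUFOVER;   /* room for the NUL as well */
    b64_core(in, inlen, out);
    out[olen] = '\0';
    if (outlen) *outlen = olen;
    return ENC_OK;
}

/* Shows the consequence without actually overreading: fills a buffer with a
 * non-NUL canary, runs the flawed encoder, and returns 1 when it reported
 * success yet left no NUL anywhere inside the outmax bytes it was given. */
int flawed_leaves_unterminated(const unsigned char *in, size_t inlen, size_t outmax)
{
    char buf[64];
    if (outmax > sizeof buf) return -1;
    memset(buf, 'X', sizeof buf);
    if (encode64_flawed(in, inlen, buf, outmax, NULL) != ENC_OK) return 0;
    return memchr(buf, '\0', outmax) == NULL;
}

int main(void)
{
    const unsigned char msg[] = "Man";         /* constructed input, encodes to "TWFu" */
    char buf[8];
    size_t n;
    printf("flawed, outmax 4:  rc=%d unterminated=%d\n",
           encode64_flawed(msg, 3, buf, 4, &n), flawed_leaves_unterminated(msg, 3, 4));
    printf("fixed,  outmax 4:  rc=%d\n", encode64_fixed(msg, 3, buf, 4, &n));
    printf("fixed,  outmax 8:  rc=%d -> %s\n", encode64_fixed(msg, 3, buf, sizeof buf, &n), buf);
    return 0;
}
```

The practical check when reviewing any encoder or formatting routine: does the size it compares against the caller's buffer include the terminator, and does it ever return success on a path that skipped writing it.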
read more about DSA-1807 cyrus-sasl2, cyrus-sasl2-heimdal - buffer overflow


