RSS feed Debian security
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.en.rdf
DSA-2017 pulseaudio - insecure temporary directory
Dan Rosenberg discovered that the PulseAudio sound server creates a temporary directory with a predictable name. This allows a local attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users.
15th of March 2010
DSA-2016 drupal6 - several vulnerabilities
Several vulnerabilities (SA-CORE-2010-001) have been discovered in drupal6, a fully-featured content management framework.
13th of March 2010
DSA-2014 moin - several vulnerabilities
Several vulnerabilities have been discovered in moin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems:
12th of March 2010
DSA-2013 egroupware - several vulnerabilities
Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands, and a cross-site scripting vulnerability was discovered in the login page.
11th of March 2010
DSA-2012 linux-2.6 - privilege escalation/denial of service
Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
11th of March 2010
DSA-2011 dpkg - path traversal
William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.
10th of March 2010
DSA-2010 kvm - privilege escalation/denial of service
Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:
10th of March 2010
DSA-2009 tdiary - insufficient input sanitising
It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin.
9th of March 2010
DSA-2008 typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. More details can be found in the Typo3 security advisory.
8th of March 2010
DSA-2007 cups - format string vulnerability
Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.
3rd of March 2010
DSA-2006 sudo - several vulnerabilities
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems:
2nd of March 2010
DSA-2004 samba - several vulnerabilities
Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems:
28th of February 2010
DSA-2005 linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak
NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on February 15th, 2010, this update was already in preparation before that date.
27th of February 2010
DSA-2003 linux-2.6 - privilege escalation/denial of service
NOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on February 15th, 2010, this update was already in preparation before that date. A final update that includes fixes for these issues in the 2.6.24 kernel is also in preparation and will be released shortly.
22nd of February 2010
DSA-2002 polipo - denial of service
Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems:
19th of February 2010
DSA-2001 php5 - multiple vulnerabilities
Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems:
19th of February 2010
DSA-2000 ffmpeg-debian - several vulnerabilities
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer:
18th of February 2010
DSA-1999 xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
18th of February 2010
DSA-1998 kdelibs - buffer overflow
Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
17th of February 2010
DSA-1997 mysql-dfsg-5.0 - several vulnerabilities
Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems:
14th of February 2010


