Section: 0801-advisories
File Name: dsa-1464-1.txt
Description: Debian Security Advisory 1464-1 - Oriol Carreras discovered that syslog-ng, a next generation logging daemon, can be tricked into dereferencing a NULL pointer through malformed timestamps, which can lead to denial of service and the disguise of a subsequent attack, which would otherwise be logged.
Homepage: http://www.debian.org/security
File Size: 5160
Related CVE(s): CVE-2007-6437
Last Modified: Jan 16 00:53:14 2008
MD5 Checksum: d677d82ca889737546048691665795cc

File Name: dsa-1465-1.txt
Description: Debian Security Advisory 1465-1 - Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to.
Homepage: http://www.debian.org/security
File Size: 2880
Related CVE(s): CVE-2008-0302
Last Modified: Jan 18 04:44:06 2008
MD5 Checksum: 4a76a6c200cfa119e85d92a4d859a153

File Name: dsa-1465-2.txt
Description: Debian Security Advisory 1465-2 - Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to. This security update fixes a regression in the previous one, which caused the package to fail to work.
Homepage: http://www.debian.org/security
File Size: 3199
Related CVE(s): CVE-2008-0302
Last Modified: Jan 18 04:44:45 2008
MD5 Checksum: 284a11895b6f28fb3f08d53c3fde9955

File Name: dsa-1466-2.txt
Description: Debian Security Advisory 1466-2 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update fixes this problem and also references the patch for CVE-2008-0006, which was included in the previous update, but not mentioned in the advisory text.
Homepage: http://www.debian.org/security
File Size: 15854
Related CVE(s): CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429
Last Modified: Jan 21 20:21:58 2008
MD5 Checksum: baed4a1f21681eb7baf5690c042e6914

File Name: dsa-1466-3.txt
Description: Debian Security Advisory 1466-3 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (Sarge) in addition to the fixed packages for Debian stable (Etch), which were provided in DSA 1466-2.
Homepage: http://www.debian.org/security
File Size: 155974
Related CVE(s): CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
Last Modified: Jan 21 21:51:45 2008
MD5 Checksum: 4faf3d5bad176683b1d3e066158db73d

File Name: dsa-1469-1.txt
Description: Debian Security Advisory 1469-1 - Sean de Regge and Greg Linares discovered multiple heap and stack based buffer overflows in FLAC, the Free Lossless Audio Codec, which could lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 37730
Related CVE(s): CVE-2007-4619, CVE-2007-6277
Last Modified: Jan 21 20:32:35 2008
MD5 Checksum: 3bc08633ce6fa121390c3072edcff0c3

File Name: dsa-1470-1.txt
Description: Debian Security Advisory 1470-1 - Ulf Harnhammer discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client.
Homepage: http://www.debian.org/security
File Size: 3087
Related CVE(s): CVE-2007-6018
Last Modified: Jan 21 20:53:39 2008
MD5 Checksum: 6c0a1a0119fd0fe26bfcd524c5cfe419

File Name: dsa-1471-1.txt
Description: Debian Security Advisory 1471-1 - Several vulnerabilities were found in the Vorbis General Audio Compression Codec, which may lead to denial of service or the execution of arbitrary code, if a user is tricked into opening a malformed Ogg Audio file with an application linked against libvorbis.
Homepage: http://www.debian.org/security
File Size: 19281
Related CVE(s): CVE-2007-3106, CVE-2007-4029, CVE-2007-4066
Last Modified: Jan 21 21:49:40 2008
MD5 Checksum: 18ce3d5a0178d5487d15fbac16479678

File Name: dsa-1472-1.txt
Description: Debian Security Advisory 1472-1 - Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 12944
Related CVE(s): CVE-2008-0225
Last Modified: Jan 21 21:50:48 2008
MD5 Checksum: 5fe521d4c0751ac6a64e78352522b815

File Name: dsa-1473-1.txt
Description: Debian Security Advisory 1473-1 - Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. In addition, it was discovered that it was possible to invoke scp with certain options that may lead to execution of arbitrary commands.
Homepage: http://www.debian.org/security
File Size: 8365
Related CVE(s): CVE-2007-6350, CVE-2007-6415
Last Modified: Jan 21 21:53:18 2008
MD5 Checksum: ae621c9d27cd2c653fdf2d7e090d9c5c

File Name: dsa-1474-1.txt
Description: Debian Security Advisory 1474-1 - Meder Kydyraliev discovered an integer overflow in the thumbnail handling of libexif, the EXIF/IPTC metadata manipulation library, which could result in the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 8360
Related CVE(s): CVE-2007-6353
Last Modified: Jan 24 00:19:45 2008
MD5 Checksum: 5c9d4faa07dd7534e4fb1bc754522876

File Name: dsa-1475-1.txt
Description: Debian Security Advisory 1475-1 - Jose Ramon Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session.
Homepage: http://www.debian.org/security
File Size: 5321
Related CVE(s): CVE-2007-0176
Last Modified: Jan 27 22:02:52 2008
MD5 Checksum: 5154f4b406cba7657846a829fa882a0f

File Name: dsa-1476-1.txt
Description: Debian Security Advisory 1476-1 - Marcus Meissner discovered that the PulseAudio sound server performed insufficient checks when dropping privileges, which could lead to local privilege escalation.
Homepage: http://www.debian.org/security
File Size: 27058
Related CVE(s): CVE-2008-0008
Last Modified: Jan 27 22:03:54 2008
MD5 Checksum: 92d9e8da1f07a2d33fe9d8868861260e

File Name: dsa-1477-1.txt
Description: Debian Security Advisory 1477-1 - Duncan Gilmore discovered that yarssr, an RSS aggregator and reader, performs insufficient input sanitizing, which could result in the execution of arbitrary shell commands if a malformed feed is read.
Homepage: http://www.debian.org/security
File Size: 3156
Related CVE(s): CVE-2007-5837
Last Modified: Jan 27 22:04:34 2008
MD5 Checksum: 59de834c988ee581f088a9402a6a4a65

File Name: dsa-1478-1.txt
Description: Debian Security Advisory 1478-1 - Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 13182
Related CVE(s): CVE-2008-0226, CVE-2008-0227
Last Modified: Jan 29 22:19:05 2008
MD5 Checksum: 71116870a6ad4fd404a9f8f5d3440e16

File Name: flash-xss.txt
Description: Critical vulnerabilities exist in a large number of widely used web authoring tools that automatically generate Shockwave Flash (SWF) files, such as Adobe Dreamweaver, Adobe Acrobat Connect (formerly Macromedia Breeze), InfoSoft FusionCharts, and Techsmith Camtasia. The flaws render websites that host these generated SWF files vulnerable to cross site scripting.
Author: Rich Cannings
File Size: 5605
Last Modified: Jan 2 14:42:51 2008
MD5 Checksum: c2bcc38e7e78e0a5c5cb194a32db4fa0

File Name: FreeBSD-SA-08-02.libc.txt
Description: FreeBSD Security Advisory - An off-by-one error in the inet_network() function could lead to memory corruption with certain inputs.
Homepage: http://security.freebsd.org/
File Size: 4335
Related CVE(s): CVE-2008-0122
Last Modified: Jan 15 15:23:52 2008
MD5 Checksum: e0392834b11387459aade51caa04478c

File Name: glsa-200709-07-02.txt
Description: Gentoo Linux Security Advisory GLSA 200709-07:02 - Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server. Versions less than 1.6.18-r2 are affected. The unaffected ebuild, as reported in the original version of this Security Advisory, did not properly address all vulnerabilities.
Homepage: http://security.gentoo.org
File Size: 2063
Related CVE(s): CVE-2007-2807
Last Modified: Jan 9 01:48:31 2008
MD5 Checksum: 0451ca7bc0bd2e4f9aae4afb529a0caa

File Name: glsa-200801-01.txt
Description: Gentoo Linux Security Advisory GLSA 200801-01 - Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Versions less than 1.0.14 are affected.
Homepage: http://security.gentoo.org
File Size: 2548
Related CVE(s): CVE-2007-6610
Last Modified: Jan 9 01:48:46 2008
MD5 Checksum: 5a4b7ef50e8cfbe9aea4a2d098923aa5