Author: Florian Weimer
Date: May 13, 2008 05:30
------------------------------------------------------------------------
Debian Security Advisory DSA-1571-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
May 13, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : openssl
Vulnerability : predictable random number generator
Problem type : remote
Debian-specific: yes
CVE Id(s) : CVE-2008-0166
Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable.
This is a Debian-specific vulnerability which does not affect other
operating systems which are not based on Debian. However, other systems
can be indirectly affected if weak keys are imported into them.
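Why a generator whose only varying input is the process id is fatal, and how the blacklist approach Debian shipped catches such keys, as an added example that is not part of the advisory or of OpenSSL. The generator below is a toy stand-in for the broken code, the pid range (PID_MAX = 32768, the usual Linux pid_max of the time) is an assumption, and 16-byte symmetric keys stand in for RSA/DSA keys; the fingerprint is plain MD5 hex, which only models the lookup the openssl-blacklist packages performed.

```python
import hashlib
from typing import Optional, Set

# Assumption: Linux pid_max of the era. With everything else scrubbed from the
# pool, the pid was the only input that still varied between key generations.
PID_MAX = 32768


def weak_keygen(pid: int) -> bytes:
    """Toy stand-in for the broken generator: output depends on the pid alone.
    16 bytes of symmetric key material stand in for an RSA/DSA key."""
    return hashlib.sha256(b"toy-rand-pool:" + pid.to_bytes(4, "little")).digest()[:16]


def fingerprint(key: bytes) -> str:
    """Fingerprint used for the lookup (MD5 hex, like ssh-keygen -l of the time)."""
    return hashlib.md5(key).hexdigest()


def build_blacklist() -> Set[str]:
    """Enumerate every key the generator can emit and record its fingerprint.
    A 2^15 keyspace is what made shipping a blacklist feasible at all."""
    return {fingerprint(weak_keygen(pid)) for pid in range(PID_MAX)}


def is_weak(key: bytes, blacklist: Set[str]) -> bool:
    """Defender side: the check to run on any key before accepting or importing it."""
    return fingerprint(key) in blacklist


def recover_pid(key_fp: str) -> Optional[int]:
    """Attacker side: given only the public fingerprint, find the generating pid
    (and with it the private key) by exhausting the pid range."""
    for pid in range(PID_MAX):
        if fingerprint(weak_keygen(pid)) == key_fp:
            return pid
    return None


if __name__ == "__main__":
    blacklist = build_blacklist()
    victim = weak_keygen(4242)  # constructed: a key made on an affected host
    good = hashlib.sha256(b"constructed stand-in for 256 bits of real entropy").digest()[:16]
    print("keyspace size:", len(blacklist))
    print("victim key flagged:", is_weak(victim, blacklist))
    print("good key flagged:", is_weak(good, blacklist))
    print("pid recovered from victim fingerprint:", recover_pid(fingerprint(victim)))
```

The point of the last sentence of the advisory is the `is_weak` side: a key made on an affected host is just as guessable after it has been copied to a non-Debian server or into an authorized_keys file, so the check has to be applied wherever the key is accepted, not only where it was generated, and the only real fix is to regenerate.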
Author: Moritz Muehlenhoff
Date: May 12, 2008 09:50
------------------------------------------------------------------------
Debian Security Advisory DSA-1574-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : icedove
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237
Several remote vulnerabilities have been discovered in the Icedove mail
client, an unbranded version of the Thunderbird client. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-1233
"moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
CVE-2007-5338 allow the execution of arbitrary code through
XPCNativeWrapper.
Author: Thijs Kinkhorst
Date: May 12, 2008 02:00
------------------------------------------------------------------------
Debian Security Advisory DSA-1573-1                  security@debian.org
http://www.debian.org/security/                         Thijs Kinkhorst
May 11, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : rdesktop
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1801 CVE-2008-1802 CVE-2008-1803
Debian Bug : 480133 480134 480135
Several remote vulnerabilities have been discovered in rdesktop, a
Remote Desktop Protocol client. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2008-1801
Author: Steve Kemp
Date: May 6, 2008 12:00
------------------------------------------------------------------------
Debian Security Advisory DSA-1570-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
May 06, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : kazehakase
Vulnerability : various
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2006-7227 CVE-2006-7228 CVE-2006-7230 CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768
Debian Bug : 464756
Andrews Salomon reported that kazehakase, a GTK+-based web browser that
allows pluggable rendering engines, contained an embedded copy of the
PCRE library in its source tree which was compiled in and used in preference
to the system-wide version of this library.
Author: Thijs Kinkhorst
Date: May 6, 2008 04:40
------------------------------------------------------------------------
Debian Security Advisory DSA-1554-2                  security@debian.org
http://www.debian.org/security/                         Thijs Kinkhorst
May 06, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : roundup
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1474
Debian Bug : 472643
Roundup, an issue tracking system, fails to properly escape HTML input,
allowing an attacker to inject client-side code (typically JavaScript)
into a document that may be viewed in the victim's browser.
For the stable distribution (etch), this problem has been fixed in version
1.2.1-5+etch2.
Author: Thijs Kinkhorst
Date: May 6, 2008 04:20
------------------------------------------------------------------------
Debian Security Advisory DSA-1569-2                  security@debian.org
http://www.debian.org/security/                         Thijs Kinkhorst
May 06, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : cacti
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0783 CVE-2008-0785
The original update for cacti unfortunately introduced a regression.
Updated packages have been created to address this. For reference, the
full advisory text is quoted below.
It was discovered that Cacti, a systems and services monitoring frontend,
performed insufficient input sanitising, leading to cross site scripting
and SQL injection being possible.
Author: Thijs Kinkhorst
Date: May 5, 2008 09:10
------------------------------------------------------------------------
Debian Security Advisory DSA-1569-1                  security@debian.org
http://www.debian.org/security/                         Thijs Kinkhorst
May 05, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : cacti
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0783 CVE-2008-0785
It was discovered that Cacti, a systems and services monitoring frontend,
performed insufficient input sanitising, leading to cross site scripting
and SQL injection being possible.
For the stable distribution (etch), this problem has been fixed in
version 0.8.6i-3.3.
For the unstable distribution (sid), this problem has been fixed in
version 0.8.7b-1.
Author: Thijs Kinkhorst
Date: May 5, 2008 09:00
------------------------------------------------------------------------
Debian Security Advisory DSA-1568-1                  security@debian.org
http://www.debian.org/security/                         Thijs Kinkhorst
May 05, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : b2evolution
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-0175
Debian Bug : 410568
"unsticky" discovered that b2evolution, a blog engine, performs
insufficient input sanitising, allowing for cross site scripting.
For the stable distribution (etch), this problem has been fixed in
version 0.9.2-3+etch1.
For the unstable distribution (sid), this problem has been fixed in
version 0.9.2-4.
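The two "insufficient input sanitising" failures named in the Roundup (DSA-1554-2), Cacti (DSA-1569-1 and -2) and b2evolution (DSA-1568-1) advisories, each shown next to its fix, as an added example written for this page and not code from any of those projects. The comment renderer, the in-memory users table and both payloads are constructed for the demonstration.

```python
import html
import sqlite3
from typing import List


def render_comment_unsafe(text: str) -> str:
    """Vulnerable: attacker-controlled text is interpolated straight into markup,
    so a <script> element or an event attribute becomes part of the page."""
    return '<p class="comment">%s</p>' % text


def render_comment_safe(text: str) -> str:
    """Fixed: escape the HTML metacharacters; the browser shows them as text."""
    return '<p class="comment">%s</p>' % html.escape(text, quote=True)


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_unsafe(db: sqlite3.Connection, name: str, password: str) -> List[str]:
    """Vulnerable: building the query as a string lets a quote in `name`
    close the literal and rewrite the WHERE clause."""
    sql = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return sorted(row[0] for row in db.execute(sql))


def login_safe(db: sqlite3.Connection, name: str, password: str) -> List[str]:
    """Fixed: bound parameters travel as data and are never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))


if __name__ == "__main__":
    xss = "<script>alert(document.cookie)</script>"  # constructed payload
    print(render_comment_unsafe(xss))
    print(render_comment_safe(xss))
    db = make_db()
    # constructed payload: closes the quoted literal, makes the clause always true,
    # and comments out the password check that follows
    sqli = "' OR '1'='1' --"
    print(login_unsafe(db, sqli, "wrong"))  # every user, password never checked
    print(login_safe(db, sqli, "wrong"))    # nothing
```

Escaping has to happen at the point where untrusted text is written into HTML, with the quote flag set when the value can land inside an attribute; parameter binding has to be used for every query, since a single string-built query is enough to expose the whole table.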
Author: Devin Carraway
Date: May 5, 2008 08:30
------------------------------------------------------------------------
Debian Security Advisory DSA-1567-1                  security@debian.org
http://www.debian.org/security/                           Devin Carraway
May 05, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : blender
Vulnerability : buffer overrun
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-1102
Stefan Cornelius discovered a vulnerability in the Radiance High
Dynamic Range (HDR) image parser in Blender, a 3D modelling
application. The weakness could enable a stack-based buffer overflow
and the execution of arbitrary code if a maliciously-crafted HDR file
is opened, or if a directory containing such a file is browsed via
Blender's image-open dialog.
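What a Radiance HDR header parser looks like when every read is bounded before it happens, as an added example written for this page and not Blender's code. The advisory does not say which copy in Blender's parser overflows, so this does not reproduce the bug; it shows the discipline that removes the class: a hard cap on header line length and count, a strict pattern for the resolution string, and a sanity limit on the dimensions before anything is allocated. The line and dimension limits (MAX_LINE, MAX_HEADER_LINES, MAX_DIM) are assumptions, and the three sample files are constructed.

```python
import re
from typing import Dict, Union

MAX_LINE = 256          # assumption: no legitimate header line is longer
MAX_HEADER_LINES = 64   # assumption: cap on KEY=VALUE lines before the blank line
MAX_DIM = 1 << 14       # assumption: reject absurd sizes before width*height*4 is computed

# Radiance resolution string, e.g. "-Y 512 +X 768"; digits are bounded by the pattern
_RES_RE = re.compile(rb"^([-+])Y (\d{1,6}) ([-+])X (\d{1,6})$")


class HdrError(ValueError):
    pass


def parse_hdr_header(data: bytes) -> Dict[str, Union[str, int]]:
    """Parse the header of a Radiance .hdr file with explicit bounds.
    Returns the FORMAT, width, height and the offset where pixel data starts."""
    pos = 0

    def next_line() -> bytes:
        # Only look for the newline inside a window of MAX_LINE bytes, so a
        # long line is rejected instead of being copied into a fixed buffer.
        nonlocal pos
        end = data.find(b"\n", pos, pos + MAX_LINE + 1)
        if end == -1:
            raise HdrError("header line too long or file truncated")
        line = data[pos:end]
        pos = end + 1
        return line

    if next_line() not in (b"#?RADIANCE", b"#?RGBE"):
        raise HdrError("not a Radiance HDR file")

    fields = {}
    for _ in range(MAX_HEADER_LINES):
        line = next_line()
        if line == b"":          # blank line ends the header
            break
        if line.startswith(b"#"):  # comment
            continue
        key, sep, value = line.partition(b"=")
        if not sep or not key.isalpha():
            raise HdrError("malformed header line")
        fields[key.decode("ascii")] = value.decode("ascii", "replace")
    else:
        raise HdrError("too many header lines")

    if fields.get("FORMAT") != "32-bit_rle_rgbe":
        raise HdrError("unsupported FORMAT")

    m = _RES_RE.match(next_line())
    if not m:
        raise HdrError("malformed resolution string")
    height, width = int(m.group(2)), int(m.group(4))
    if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM):
        raise HdrError("image dimensions out of range")
    return {"format": fields["FORMAT"], "width": width, "height": height, "data_offset": pos}


def check_hdr(data: bytes) -> Union[Dict[str, Union[str, int]], str]:
    """Return the parsed header, or the rejection reason as a string."""
    try:
        return parse_hdr_header(data)
    except HdrError as exc:
        return str(exc)


# Constructed samples: a minimal valid 3x2 file, a header line far past any
# fixed buffer, and a resolution string that would make an allocation explode.
GOOD_HDR = (b"#?RADIANCE\n# constructed sample\nFORMAT=32-bit_rle_rgbe\n"
            b"EXPOSURE=1.0\n\n-Y 2 +X 3\n" + b"\x00" * 24)
LONG_LINE_HDR = b"#?RADIANCE\nFORMAT=" + b"A" * 4096 + b"\n\n-Y 1 +X 1\n"
HUGE_DIMS_HDR = b"#?RADIANCE\nFORMAT=32-bit_rle_rgbe\n\n-Y 999999 +X 999999\n"

if __name__ == "__main__":
    for name, sample in (("good", GOOD_HDR), ("long line", LONG_LINE_HDR), ("huge", HUGE_DIMS_HDR)):
        print(name, "->", check_hdr(sample))
```

The same shape carries over to the C parser: read into a buffer only through a length-limited call, fail closed when the terminator is not found inside the limit, and validate the dimensions against a ceiling before they are multiplied into an allocation size.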