Author: Thijs Kinkhorst
Date: Sep 20, 2008 06:50
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1634-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
September 20, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wordnet
Vulnerability : stack and heap overflows
Problem type : local (remote)
Debian-specific: no
CVE id(s) : CVE-2008-2149
Debian Bug : 481186 498855
A regression was discovered in the original patch addressing this issue
for WordNet, which this update fixes. For reference the text of the
original advisory follows.
Author: Thijs Kinkhorst
Date: Sep 20, 2008 06:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1642-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
September 20, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : horde3
Vulnerability : cross site scripting
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-3823
Will Drewry discovered that Horde allows remote attackers to send
an email with a crafted MIME attachment filename attribute to perform
cross site scripting.

For the stable distribution (etch), this problem has been fixed in
version 3.1.3-4etch4.

For the testing distribution (lenny), this problem has been fixed in
version 3.2.1+debian0-2+lenny1.
Author: Thijs Kinkhorst
Date: Sep 20, 2008 06:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1641-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
September 20, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : phpmyadmin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-3197 CVE-2008-3456 CVE-2008-3457 CVE-2008-4096
Several remote vulnerabilities have been discovered in phpMyAdmin, a
tool to administrate MySQL databases over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-4096

    Remote authenticated users could execute arbitrary code on the
    host running phpMyAdmin through manipulation of a script parameter.

CVE-2008-3457
Author: Steve Kemp
Date: Sep 19, 2008 12:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1639-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
September 19, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : twiki
Vulnerability : command execution
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-3195
Debian Bug : 499534
It was discovered that twiki, a web based collaboration platform,
didn't properly sanitize the image parameter in its configuration script.
This could allow remote users to execute arbitrary commands upon the
system, or read any files which were readable by the webserver user.

For the stable distribution (etch), this problem has been fixed in version
1:4.0.5-9.1etch1.
Author: Florian Weimer
Date: Sep 16, 2008 13:50
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1638-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
September 16, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openssh
Vulnerability : remote
Problem type : unsafe signal handler
Debian-specific: no
CVE Id(s) : CVE-2008-4109
Debian Bug : 498678
It has been discovered that the signal handler implementing the login
timeout in Debian's version of the OpenSSH server uses functions which
are not async-signal-safe, leading to a denial of service
vulnerability (CVE-2008-4109).
Author: Devin Carraway
Date: Sep 15, 2008 00:50
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1637-1 security@debian.org
http://www.debian.org/security/ Devin Carraway
September 15, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : git-core
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-3546
Debian Bug : 494097
Multiple vulnerabilities have been identified in git-core, the core of
the git distributed revision control system. Improper path length
limitations in git's diff and grep functions, in combination with
maliciously crafted repositories or changes, could enable a stack
buffer overflow and potentially the execution of arbitrary code.
Author: dann frazier
Date: Sep 11, 2008 11:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1636-1 security@debian.org
http://www.debian.org/security/ dann frazier
Sep 11, 2008 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526
CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915
Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or leak sensitive data. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2008-3272
Author: Steve Kemp
Date: Sep 10, 2008 13:10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1635-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
September 10, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : freetype
Vulnerability : multiple
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-1806 CVE-2008-1807 CVE-2008-1808
Several local vulnerabilities have been discovered in freetype,
a FreeType 2 font engine, which could allow the execution of arbitrary
code.

The Common Vulnerabilities and Exposures project identifies the
following problems:
Author: Thijs Kinkhorst
Date: Sep 1, 2008 12:20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1634-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
September 01, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wordnet
Vulnerability : stack and heap overflows
Problem type : local (remote)
Debian-specific: no
CVE id(s) : CVE-2008-2149
Debian Bug : 481186
Rob Holland discovered several programming errors in WordNet, an
electronic lexical database of the English language. These flaws could
allow arbitrary code execution when used with untrusted input, for
example when WordNet is in use as a back end for a web application.

For the stable distribution (etch), these problems have been fixed in
version 1:2.1-4+etch1.