linux.debian.announce.security
December 2007
  [SECURITY] [DSA 1442-2] New libsndfile packages fix arbitrary code execution         


Author: Moritz Muehlenhoff
Date: Dec 28, 2007 17:50

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1442-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 29, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : libsndfile
Vulnerability : buffer overflow
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-4974

Rubert Buchholz discovered that libsndfile, a library for reading /
writing audio files performs insufficient boundary checks when
processing FLAC files, which might lead to the execution of arbitrary
code.

For the stable distribution (etch), this problem has been fixed in
version 1.0.16-2.

The old stable distribution (sarge) is not affected by this problem.
  [SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution         


Author: Thijs Kinkhorst
Date: Dec 28, 2007 09:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1441-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 28, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : peercast
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-6454
Debian Bug : 457300

Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming
server, is vulnerable to a heap overflow in the HTTP server code, which
allows remote attackers to cause a denial of service and possibly execute
arbitrary code via a long SOURCE request.

For the stable distribution (etch), this problem has been fixed in
version 0.1217.toots.20060314-1etch0.
  [SECURITY] [DSA 1440-1] New inotify-tools packages fix arbitrary code execution         


Author: Moritz Muehlenhoff
Date: Dec 28, 2007 08:20

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1440-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 28, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : inotify-tools
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-5037
Debian Bug : 443913

It was discovered that a buffer overflow in the filename processing of
the inotify-tools, a command-line interface to inotify, may lead to
the execution of arbitrary code. This only affects the internal
library and none of the frontend tools shipped in Debian.

For the stable distribution (etch), this problem has been fixed in
version 3.3-2.
  [SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection         


Author: Thijs Kinkhorst
Date: Dec 28, 2007 08:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1439-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 28, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : typo3-src
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-6381
Debian Bug : 457446

Henning Pingel discovered that TYPO3, a web content management framework,
performs insufficient input sanitising, making it vulnerable to SQL
injection by logged-in backend users.

For the stable distribution (etch), this problem has been fixed in
version typo3-src 4.0.2+debian-4.

The old stable distribution (sarge) doesn't contain typo3-src.
  [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities         


Author: Florian Weimer
Date: Dec 28, 2007 07:40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1438-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 28, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : tar
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-4131, CVE-2007-4476

Several vulnerabilities have been discovered in GNU Tar. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4131

A directory traversal vulnerability enables attackers using
specially crafted archives to extract contents outside the
directory tree created by tar.

CVE-2007-4476
  [SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression         


Author: Thijs Kinkhorst
Date: Dec 27, 2007 13:30

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1405-3 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 1st, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : zope-cmfplone
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-5741
Debian Bug : 449523

The Plone developers discovered that their hotfix, released as DSA 1405,
introduced two regressions. This update corrects these flaws. For
completeness, the original advisory text below:

It was discovered that Plone, a web content management system, allows
remote attackers to execute arbitrary code via specially crafted web
browser cookies.
  [SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Dec 26, 2007 05:30

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1437-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 26, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : cupsys
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-5849 CVE-2007-6358

Several local vulnerabilities have been discovered in the Common UNIX
Printing System. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-5849

Wei Wang discovered that a buffer overflow in the SNMP backend
may lead to the execution of arbitrary code.

CVE-2007-6358
  [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Dec 19, 2007 09:50

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1435-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 19, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : clamav
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-6335 CVE-2007-6336

Several remote vulnerabilities have been discovered in the Clam
anti-virus toolkit. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-6335

It was discovered that an integer overflow in the decompression code
for MEW archives may lead to the execution of arbitrary code.

CVE-2007-6336
  [SECURITY] [DSA 1425-1] New xulrunner packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Dec 8, 2007 04:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1425-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 08, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : xulrunner
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2007-5947 CVE-2007-5959 CVE-2007-5960

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-5947

Jesse Ruderman and Petko D. Petkov discovered that the URI handler
for JAR archives allows cross-site scripting.

CVE-2007-5959
  [SECURITY] [DSA 1424-1] New iceweasel packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Dec 8, 2007 03:40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1424-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 08, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : iceweasel
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-5947 CVE-2007-5959 CVE-2007-5960

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5947

Jesse Ruderman and Petko D. Petkov discovered that the URI handler
for JAR archives allows cross-site scripting.

CVE-2007-5959