linux.debian.announce.security
April 2007
  [SECURITY] [DSA 1281-1] New clamav packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Apr 25, 2007 11:10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1281-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 25th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : clamav
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-1745 CVE-2007-1997 CVE-2007-2029

Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-1745

It was discovered that a file descriptor leak in the CHM handler may
lead to denial of service.

CVE-2007-1997
  [SECURITY] [DSA 1280-1] New aircrack-ng packages fix arbitrary code execution         


Author: Moritz Muehlenhoff
Date: Apr 24, 2007 13:50

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1280-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 24th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : aircrack-ng
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-2057

It was discovered that aircrack-ng, a WEP/WPA security analysis tool,
performs insufficient validation of 802.11 authentication packets, which
allows the execution of arbitrary code.

The oldstable distribution (sarge) doesn't contain aircrack-ng packages.

For the stable distribution (etch) this problem has been fixed in
version 0.6.2-7etch1.
  [SECURITY] [DSA 1279-1] New webcalendar packages fix cross-site scripting         


Author: Moritz Muehlenhoff
Date: Apr 22, 2007 08:10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1279-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 22nd, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : webcalendar
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-6669

It was discovered that WebCalendar, a PHP-based calendar application,
performs insufficient sanitising in the exports handler, which allows
injection of web script.

For the old stable distribution (sarge) this problem has been fixed in
version 0.9.45-4sarge7.

The stable distribution (etch) no longer contains WebCalendar packages.
  [SECURITY] [DSA 1277-1] New XMMS packages fix arbitrary code execution         


Author: Noah Meyerhans
Date: Apr 4, 2007 15:10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1277-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
April 04, 2007
- ------------------------------------------------------------------------

Package : xmms
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-0654 CVE-2007-0653
BugTraq ID : 23078
Debian Bug : 416423

Multiple errors have been found in the skin handling routines in xmms,
the X Multimedia System. These vulnerabilities could allow an
attacker to run arbitrary code as the user running xmms by inducing
the victim to load specially crafted interface skin files.
  [SECURITY] [DSA 1275-1] New zope2.7 packages fix cross-site scripting flaw         


Author: Noah Meyerhans
Date: Apr 2, 2007 16:30

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1275-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
April 02, 2007
- ------------------------------------------------------------------------

Package : zope2.7
Vulnerability : cross-site scripting
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-0240
BugTraq ID : 23084
Debian Bug : 416500
  [SECURITY] [DSA 1274-1] New file packages fix arbitrary code execution         


Author: Noah Meyerhans
Date: Apr 2, 2007 05:20

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1274-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
April 02, 2007
- ------------------------------------------------------------------------

Package : file
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-1536
CERT advisory : 606700
BugTraq ID : 23021
Debian Bug : 415362 416678