linux.debian.announce.security
  [SECURITY] [DSA 1343-1] New file packages fix arbitrary code execution         


Author: Moritz Muehlenhoff
Date: Jul 31, 2007 14:50

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1343-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 31st, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : file
Vulnerability : integer overflow
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2007-2799

Colin Percival discovered an integer overflow in file, a file type
classification tool, which may lead to the execution of arbitrary code.

For the oldstable distribution (sarge) this problem has been fixed in
version 4.12-1sarge2.

For the stable distribution (etch) this problem has been fixed in
version 4.17-5etch2.
  [SECURITY] [DSA 1342-1] New xfs packages fix privilege escalation         


Author: Moritz Muehlenhoff
Date: Jul 30, 2007 12:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1342-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 30th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : xfs
Vulnerability : race condition
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2007-3103

It was discovered that a race condition in the init.d script of the X Font
Server allows the modification of file permissions of arbitrary files if
the local administrator can be tricked into restarting the X font server.

For the oldstable distribution (sarge) xfs is present as part of the
monolithic xfree86 package. A fix will be provided along with a future
security update.
  [SECURITY] [DSA 1341-1] New bind9 packages fix DNS cache poisoning         


Author: Moritz Muehlenhoff
Date: Jul 25, 2007 14:20

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1341-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 25th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : bind9
Vulnerability : design error
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-2926

Amit Klein discovered that the BIND name server generates predictable
DNS query IDs, which may lead to cache poisoning attacks.

An update for the oldstable distribution (sarge) is in preparation. It
will be released soon.

For the stable distribution (etch) this problem has been fixed in
version 9.3.4-2etch1. An update for mips is not yet available, it will
be released soon.
  [SECURITY] [DSA 1340-1] New ClamAV packages fix denial of service         


Author: Martin Schulze
Date: Jul 24, 2007 00:40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1340-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 24th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : clamav
Vulnerability : null pointer dereference
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2007-3725

A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via specially crafted RAR archives.

We are currently unable to provide fixed packages for the MIPS
architectures. Those packages will be installed in the security
archive when they become available.

The old stable distribution (sarge) is not affected by this problem.
  [SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Jul 23, 2007 17:10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1339-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23rd, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : iceape
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3089

Ronen Zilberman and Michal Zalewski discovered that a timing race
allows the injection of content into about:blank frames.

CVE-2007-3656
  [SECURITY] [DSA 1338-1] New iceweasel packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Jul 23, 2007 10:40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1338-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23rd, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : iceweasel
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3089

Ronen Zilberman and Michal Zalewski discovered that a timing race
allows the injection of content into about:blank frames.

CVE-2007-3656
  [SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Jul 22, 2007 12:30

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1337-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 22nd, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : xulrunner
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-3089 CVE-2007-3285 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-3089

Ronen Zilberman and Michal Zalewski discovered that a timing race
allows the injection of content into about:blank frames.

CVE-2007-3656
  [SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several vulnerabilities         


Author: Moritz Muehlenhoff
Date: Jul 22, 2007 10:50

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1336-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 22nd, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mozilla-firefox
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077

Several remote vulnerabilities have been discovered in Mozilla Firefox.

This will be the last security update of Mozilla-based products for
the oldstable (sarge) distribution of Debian. We recommend upgrading
to stable (etch) as soon as possible.

The Common Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2007-1282
  Re: [SECURITY] [DSA 1330-1] New php5 packages fix arbitrary code execution         


Author: UlisesVitulli - DECIDIR Argentina
Date: Jul 10, 2007 07:30

Moritz Muehlenhoff wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 1330-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> July 7th, 2007 http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package : php5
> Vulnerability : several
> Problem-Type : remote
> Debian-specific: no
> CVE ID : CVE-2007-1399 CVE-2007-1864
>
> Several remote vulnerabilities have been discovered in PHP, a
> server-side, HTML-embedded scripting language, which may lead to the
> execution of arbitrary code. The Common Vulnerabilities and Exposures
> project identifies the following...