linux.debian.announce.security
  [SECURITY] [DSA 1569-1] New cacti packages fix multiple vulnerabilities         


Author: Thijs Kinkhorst
Date: May 5, 2008 09:10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1569-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
May 05, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : cacti
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0783 CVE-2008-0785

It was discovered that Cacti, a systems and services monitoring frontend,
performed insufficient input sanitising, leading to cross site scripting
and SQL injection being possible.

For the stable distribution (etch), this problem has been fixed in
version 0.8.6i-3.3.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.7b-1.
  [SECURITY] [DSA 1568-1] New b2evolution packages fix cross site scripting         


Author: Thijs Kinkhorst
Date: May 5, 2008 09:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1568-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
May 05, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : b2evolution
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-0175
Debian Bug : 410568

"unsticky" discovered that b2evolution, a blog engine, performs
insufficient input sanitising, allowing for cross site scripting.

For the stable distribution (etch), this problem has been fixed in
version 0.9.2-3+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.9.2-4.
  [SECURITY] [DSA 1567-1] New blender packages fix arbitrary code execution         


Author: Devin Carraway
Date: May 5, 2008 08:30

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1567-1 security@debian.org
http://www.debian.org/security/ Devin Carraway
May 05, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : blender
Vulnerability : buffer overrun
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-1102

Stefan Cornelius discovered a vulnerability in the Radiance High
Dynamic Range (HDR) image parser in Blender, a 3D modelling
application. The weakness could enable a stack-based buffer overflow
and the execution of arbitrary code if a maliciously-crafted HDR file
is opened, or if a directory containing such a file is browsed via
Blender's image-open dialog.