Author: Moritz Muehlenhoff
Date: Apr 30, 2008 10:50
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1563-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 30, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : asterisk
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1897
Joel R. Voss discovered that the IAX2 module of Asterisk, a free
software PBX and telephony toolkit, performs insufficient validation of
IAX2 protocol messages, which may lead to denial of service.
For the stable distribution (etch), this problem has been fixed in
version 1.2.13~dfsg-2etch4.
For the unstable distribution (sid), this problem has been fixed
in version 1.4.19.1~dfsg-1.
Author: Moritz Muehlenhoff
Date: Apr 28, 2008 13:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1562-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : iceape
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1380
It was discovered that crashes in the Javascript engine of Iceape,
an unbranded version of the Seamonkey internet suite, could
potentially lead to the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 1.0.13~pre080323b-0etch3.
For the unstable distribution (sid), this problem has been fixed in
version 1.1.9-2.
Author: Thijs Kinkhorst
Date: Apr 28, 2008 06:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1561-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 28, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : ldm
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1293
Debian Bug : 469462
Christian Herzog discovered that within the Linux Terminal Server Project,
it was possible to connect to X on any LTSP client from any host on the
network, making client windows and keystrokes visible to that host.
NOTE: most ldm installs are likely to be in a chroot environment exported
over NFS, and will not be upgraded merely by upgrading the server itself.
For example, on the i386 architecture, to upgrade ldm will likely require:
Author: Thijs Kinkhorst
Date: Apr 28, 2008 03:20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1560-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 28, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : kronolith2
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
Debian Bug : 478121
"The-0utl4w" discovered that Kronolith, the calendar component for
the Horde Framework, didn't properly sanitise URL input, leading to
a cross-site scripting vulnerability in the add event screen.
For the stable distribution (etch), this problem has been fixed in
version 2.1.4-1etch1.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your kronolith2 package.
Author: Florian Weimer
Date: Apr 27, 2008 02:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1556-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
April 27, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : perl
Vulnerability : heap buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-1927
Debian Bug : 454792
An editorial mistake resulted in DSA-1556-1 not correctly applying the
required change, making it ineffective. This DSA has been reissued as
DSA-1556-2. We apologize for the inconvenience. The text of the
original DSA follows.
Author: Thijs Kinkhorst
Date: Apr 27, 2008 01:50
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1559-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 27, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : phpgedview
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-5051
Debian Bug : 443901
It was discovered that phpGedView, an application to provide online access
to genealogical data, performed insufficient input sanitising on some
parameters, making it vulnerable to cross site scripting.
For the stable distribution (etch), this problem has been fixed in version
4.0.2.dfsg-3.
Author: Martin Schulze
Date: Apr 27, 2008 01:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Debian Security Advisory DSA 1492-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 27th, 2008 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : wml
Vulnerability : insecure temporary files
Problem type : local
Debian-specific: no
CVE IDs : CVE-2008-0665 CVE-2008-0666
Debian Bugs : 463907 471345
The security update DSA 1492-1 fixed the security problem below but
introduced a new problem by not removing temporary directories in the
ipp backend. This update corrects this.
For completeness here is the original advisory text:
Author: Moritz Muehlenhoff
Date: Apr 24, 2008 14:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1558-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 24, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : xulrunner
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1380
It was discovered that crashes in the Javascript engine of xulrunner,
the Gecko engine library, could potentially lead to the execution of
arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 1.8.0.15~pre080323b-0etch2.
For the unstable distribution (sid), this problem has been fixed in
version 1.8.1.14-1.
Author: Moritz Muehlenhoff
Date: Apr 24, 2008 14:10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1534-2 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 24, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : iceape
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240
CVE-2008-1241
A regression in mailnews handling has been fixed. For reference the
original advisory text below:
Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:
Author: Thijs Kinkhorst
Date: Apr 24, 2008 13:40
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-1557-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 24, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : phpmyadmin
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1149 CVE-2008-1567 CVE-2008-1924
Several remote vulnerabilities have been discovered in phpMyAdmin,
an application to administrate MySQL over the WWW. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-1924
Attackers with CREATE table permissions were allowed to read
arbitrary files readable by the webserver via a crafted
HTTP POST request.