Author: Thijs Kinkhorst
Date: Mar 31, 2008 14:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1536-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 31, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xine-lib
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486
CVE-2008-1161
Debian Bug : 464696
Several local vulnerabilities have been discovered in Xine, a
media player library, which allowed for a denial of service or arbitrary code
execution, which could be exploited through viewing malicious content.
The Common Vulnerabilities and Exposures project identifies the following
problems:
Author: Moritz Muehlenhoff
Date: Mar 30, 2008 05:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1535-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 30, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : iceweasel
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240
CVE-2008-1241
Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2007-4879
Author: Thijs Kinkhorst
Date: Mar 29, 2008 13:50
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1531-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 29, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : policyd-weight
Vulnerability : insecurity temporary files
Problem type : local
Debian-specific: no
The previous update for policyd-weight was unfortunately not complete.
Updated packages have been released that fully address the vulnerability.
For reference the original advisory follows.
Chris Howells discovered that policyd-weight, a policy daemon for the Postfix
mail transport agent, created its socket in an insecure way, which may be
exploited to overwrite or remove arbitrary files from the local system.
For the stable distribution (etch), this problem has been fixed in version
0.1.14-beta-6etch2.
Author: Moritz Muehlenhoff
Date: Mar 28, 2008 07:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1534-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 28, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : iceape
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240
CVE-2008-1241
Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-4879
Author: Devin Carraway
Date: Mar 27, 2008 15:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1533-1 security@debian.org
http://www.debian.org/security/ Devin Carraway
March 27, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : exiftags
Vulnerability : insufficient input sanitizing
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-6354 CVE-2007-6355 CVE-2007-6356
Debian Bug : 457062
Christian Schmid and Meder Kydyraliev (Google Security) discovered a
number of vulnerabilities in exiftags, a utility for extracting EXIF
metadata from JPEG images. The Common Vulnerabilities and Exposures
project identified the following three problems:
CVE-2007-6354
Author: Moritz Muehlenhoff
Date: Mar 27, 2008 15:10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1532-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xulrunner
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240
CVE-2008-1241
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-4879
Author: Thijs Kinkhorst
Date: Mar 27, 2008 08:50
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1531-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 27, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : policyd-weight
Vulnerability : insecurity temporary files
Problem type : local
Debian-specific: no
Chris Howells discovered that policyd-weight, a policy daemon for the Postfix
mail transport agent, created its socket in an insecure way, which may be
exploited to overwrite or remove arbitrary files from the local system.
For the stable distribution (etch), this problem has been fixed in version
0.1.14-beta-6etch1.
The old stable distribution (sarge) does not contain a policyd-weight package.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your policyd-weight package.
Author: Moritz Muehlenhoff
Date: Mar 27, 2008 05:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1529-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 24, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : firebird2
Vulnerability : several
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-0387 CVE-2008-0467 CVE-2006-7211 CVE-2007-4664
CVE-2007-4665 CVE-2007-4666 CVE-2007-4667 CVE-2007-4668
CVE-2007-4669 CVE-2007-3527 CVE-2007-3181 CVE-2007-2606
CVE-2006-7212 CVE-2006-7213 CVE-2006-7214
Debian Bug(s) : 362001 432753 444976 441405 460048 463596
Multiple security problems have been discovered in the Firebird database,
which may lead to the execution of arbitrary code or denial of service.
Author: Noah Meyerhans
Date: Mar 25, 2008 08:20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1530-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
March 25, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : cupsys
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0047 CVE-2008-0882
Debian Bug : 472105 467653
Several local/remote vulnerabilities have been discovered in cupsys, the
Common Unix Printing System. The Common Vulnerabilities and Exposures
project identifies the following problems:
Author: Thijs Kinkhorst
Date: Mar 24, 2008 10:40
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1528-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 24, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : serendipity
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-6205 CVE-2008-0124
BugTraq ID : 28298
Debian Bug : 469667
Peter Hüwe and Hanno Böck discovered that Serendipity, a weblog manager,
did not properly sanitise input to several scripts which allowed for
cross site scripting.
For the stable distribution (etch), this problem has been fixed in version
1.0.4-1+etch1.