Section: .. / 0805-advisories /
| /// File Name: |
dsa-1569-2.txt |
Description:
|
Debian Security Advisory 1569-2 - The original update for cacti unfortunately introduced a regression. Updated packages have been created to address this. It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.
| | Homepage: | http://www.debian.org/security | | File Size: | 3253 | | Related CVE(s): | CVE-2008-0783, CVE-2008-0785 | | Last Modified: | May 6 16:39:48 2008 |
| MD5 Checksum: | 14da4de45a7965759e35ce4984df344d |
|
| /// File Name: |
dsa-1570-1.txt |
Description:
|
Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-base web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.
| | Homepage: | http://www.debian.org/security | | File Size: | 4937 | | Related CVE(s): | CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768 | | Last Modified: | May 6 16:44:01 2008 |
| MD5 Checksum: | 7c06871d3debf143c6fa695b70d15b23 |
|
| /// File Name: |
dsa-1571-1.txt |
Description:
|
Debian Security Advisory 1571-1 - Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package. As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
| | Homepage: | http://www.debian.org/security | | File Size: | 14589 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 11:10:24 2008 |
| MD5 Checksum: | 3519042f913d5ce265ca79a43a1d7f92 |
|
| /// File Name: |
dsa-1572-1.txt |
Description:
|
Debian Security Advisory 1572-1 - Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier. Stack-based buffer overflow in the FastCGI SAPI. The escapeshellcmd API function could be attacked via incomplete multibyte chars.
| | Homepage: | http://www.debian.org/security | | File Size: | 40512 | | Related CVE(s): | CVE-2007-3806, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051 | | Last Modified: | May 12 10:39:51 2008 |
| MD5 Checksum: | 65c9c530978f313191386160ca68b3a9 |
|
| /// File Name: |
dsa-1573-1.txt |
Description:
|
Debian Security Advisory 1573-1 - Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. Remote exploitation of an integer underflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of a BSS overflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of an integer signedness vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user.
| | Homepage: | http://www.debian.org/security | | File Size: | 5587 | | Related CVE(s): | CVE-2008-1801, CVE-2008-1802, CVE-2008-1803 | | Last Modified: | May 12 10:41:01 2008 |
| MD5 Checksum: | ba15a8cc0a3d8d809028c215d0f8f9a2 |
|
| /// File Name: |
dsa-1574-1.txt |
Description:
|
Debian Security Advisory 1574-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. "moz_bug_r_a4" discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered that incorrect principal handling can lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. "georgi", "tgirmann" and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 16567 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237 | | Last Modified: | May 12 15:57:20 2008 |
| MD5 Checksum: | 88c086a46a80505846192144f8ae384e |
|
| /// File Name: |
dsa-1575-1.txt |
Description:
|
Debian Security Advisory 1575-1 - A vulnerability has been discovered in the Linux kernel that may lead to a denial of service. Alexander Viro discovered a race condition in the fcntl code that may permit local users on multi-processor systems to execute parallel code paths that are otherwise prohibited and gain re-ordered access to the descriptor table.
| | Homepage: | http://www.debian.org/security | | File Size: | 36131 | | Related CVE(s): | CVE-2008-1669 | | Last Modified: | May 13 11:04:01 2008 |
| MD5 Checksum: | a095807a32a3fc4ee13e1e39f557b145 |
|
| /// File Name: |
dsa-1576-1.txt |
Description:
|
Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.
| | Homepage: | http://www.debian.org/security | | File Size: | 15197 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:50:46 2008 |
| MD5 Checksum: | a79fd4e6e656f73f69d8c73cf16f3723 |
|
| /// File Name: |
dsa-1577-1.txt |
Description:
|
Debian Security Advisory 1577-1 - Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 5237 | | Related CVE(s): | CVE-2008-0167 | | Last Modified: | May 15 03:51:39 2008 |
| MD5 Checksum: | 81f578fa45368e855560e91c2dd60d4e |
|
| /// File Name: |
glsa-200805-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-01 - Multiple vulnerabilities in the Horde Application Framework may lead to the execution of arbitrary files, information disclosure, and allow a remote attacker to bypass security restrictions. Versions less than 3.1.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4800 | | Related CVE(s): | CVE-2008-1284 | | Last Modified: | May 6 16:22:04 2008 |
| MD5 Checksum: | fbc502d5bf403437b5eb5c915a78fca3 |
|
| /// File Name: |
glsa-200805-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-02 - Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Versions less than 2.11.5.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2828 | | Related CVE(s): | CVE-2008-1924 | | Last Modified: | May 6 16:22:30 2008 |
| MD5 Checksum: | f5057ea23bcd61d5a2859e06b80048e8 |
|
| /// File Name: |
glsa-200805-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4335 | | Related CVE(s): | CVE-2008-1142, CVE-2008-1692 | | Last Modified: | May 7 20:37:56 2008 |
| MD5 Checksum: | e7bce4b2f319f035e053ff26dbb0497a |
|
| /// File Name: |
glsa-200805-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3609 | | Related CVE(s): | CVE-2008-1502, CVE-2008-2041 | | Last Modified: | May 7 20:38:18 2008 |
| MD5 Checksum: | 0ef7dd1b359cd5c05af051363a60b6d3 |
|
| /// File Name: |
glsa-200805-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-06 - Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user. Versions less than 2.0.3.12981.0-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2857 | | Related CVE(s): | CVE-2008-1880 | | Last Modified: | May 9 13:52:37 2008 |
| MD5 Checksum: | 85f645f65baa0b3fe9c141d775831681 |
|
| /// File Name: |
glsa-200805-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-07 - LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive. Versions less than 5.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4366 | | Last Modified: | May 9 13:53:07 2008 |
| MD5 Checksum: | b99107d7cc4efe620d3b52050bad0f8f |
|
| /// File Name: |
glsa-200805-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-08 - The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow. Versions less than 1.1.19 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2399 | | Related CVE(s): | CVE-2008-1925 | | Last Modified: | May 9 13:53:32 2008 |
| MD5 Checksum: | cdb2393100a4faec5400559fd35ff0f8 |
|
| /// File Name: |
glsa-200805-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-09 - It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Versions less than 1.6.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2956 | | Related CVE(s): | CVE-2008-1937 | | Last Modified: | May 12 10:37:50 2008 |
| MD5 Checksum: | f5912af55302350b385b5dd9c8aea1a1 |
|
| /// File Name: |
glsa-200805-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-10 - It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15). Versions less than 1.6.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3170 | | Related CVE(s): | CVE-2008-1382 | | Last Modified: | May 12 10:41:29 2008 |
| MD5 Checksum: | 7cfec10bfa57130b88afb7bff74c84e3 |
|
| /// File Name: |
glsa-200805-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-11 - Chicken includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 3.1.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3061 | | Last Modified: | May 12 18:26:45 2008 |
| MD5 Checksum: | d9d22fd1973d39963760ae4fd6fe5097 |
|
| /// File Name: |
glsa-200805-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-12 - Stefan Cornelius (Secunia Research) reported a boundary error within the imb_loadhdr() function in in the file source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of temporary files have also been reported (CVE-2008-1103). Versions less than 2.43-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3313 | | Related CVE(s): | CVE-2008-1102, CVE-2008-1103 | | Last Modified: | May 12 18:26:58 2008 |
| MD5 Checksum: | 448f5fac796df4e8c92d9693409be43e |
|
| /// File Name: |
glsa-200805-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-13 - Multiple issues were found in the teTeX 2 codebase that PTeX builds upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 3.1.10_p20071203 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3730 | | Last Modified: | May 12 18:27:15 2008 |
| MD5 Checksum: | 15830348aa8fe782c793f470674bbf22 |
|
| /// File Name: |
glsa-200805-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-14 - Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files. Versions less than 3.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3057 | | Related CVE(s): | CVE-2008-2080 | | Last Modified: | May 13 17:42:27 2008 |
| MD5 Checksum: | fb60597d6c2b729facceb809547eadbd |
|
| /// File Name: |
glsa-200805-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-15 - Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Versions less than 0.15.1b-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2415 | | Related CVE(s): | CVE-2008-2109 | | Last Modified: | May 15 03:49:12 2008 |
| MD5 Checksum: | a924bb8eeda8ff0dbe39e3cd31978d5e |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
