Section: .. / 0907-advisories /
| /// File Name: |
dsa-1834-1.txt |
Description:
|
Debian Security Advisory 1834 - A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch".
| | Homepage: | http://www.debian.org/security | | File Size: | 39018 | | Related CVE(s): | CVE-2009-1890, CVE-2009-1891 | | Last Modified: | Jul 16 17:19:17 2009 |
| MD5 Checksum: | 9da6d0c2e0678b33ca52d85bf0085aec |
|
| /// File Name: |
dsa-1834-2.txt |
Description:
|
Debian Security Advisory 1834-2 - The previous update caused a regression for apache2 in Debian 4.0 "etch". Using mod_deflate together with mod_php could cause segfaults when a client aborts a connection. This update corrects this flaw. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch". A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed.
| | Homepage: | http://www.debian.org/security | | File Size: | 19919 | | Related CVE(s): | CVE-2009-1890, CVE-2009-1891 | | Last Modified: | Jul 30 18:11:42 2009 |
| MD5 Checksum: | 9ca2a901ffd9844bf8fc9e3f696d6691 |
|
| /// File Name: |
dsa-1835-1.txt |
Description:
|
Debian Security Advisory 1835-1 - Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF).
| | Homepage: | http://www.debian.org/security | | File Size: | 22220 | | Related CVE(s): | CVE-2009-2285, CVE-2009-2347 | | Last Modified: | Jul 16 17:20:00 2009 |
| MD5 Checksum: | dd1a0b2fba3b09d64fc647da4eb752fc |
|
| /// File Name: |
dsa-1836-1.txt |
Description:
|
Debian Security Advisory 1836-1 - Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 2993 | | Related CVE(s): | CVE-2009-2265 | | Last Modified: | Jul 17 15:02:57 2009 |
| MD5 Checksum: | f9520499df58ca3be0dcaf5a6e51cd73 |
|
| /// File Name: |
dsa-1837-1.txt |
Description:
|
Debian Security Advisory 1837-1 - It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1.
| | Homepage: | http://www.debian.org/security | | File Size: | 17064 | | Related CVE(s): | CVE-2009-1189 | | Last Modified: | Jul 20 13:47:27 2009 |
| MD5 Checksum: | 22a904985601ab5cfd2f3160c8861749 |
|
| /// File Name: |
dsa-1838-1.txt |
Description:
|
Debian Security Advisory 1838-1 - Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges.
| | Homepage: | http://www.debian.org/security | | File Size: | 49666 | | Related CVE(s): | CVE-2009-1894 | | Last Modified: | Jul 20 13:49:07 2009 |
| MD5 Checksum: | bc263c946b1c8c110d5c8ef249b6870c |
|
| /// File Name: |
dsa-1839-1.txt |
Description:
|
Debian Security Advisory 1839-1 - It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the "good" set, are prone to an integer overflow, when processing a large PNG file. This could lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 16323 | | Related CVE(s): | CVE-2009-1932 | | Last Modified: | Jul 20 13:53:07 2009 |
| MD5 Checksum: | 2120720a57524b35a45cfa8897de3857 |
|
| /// File Name: |
dsa-1840-1.txt |
Description:
|
Debian Security Advisory 1840-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
| | Homepage: | http://www.debian.org/security | | File Size: | 20030 | | Related CVE(s): | CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471, CVE-2009-2472 | | Last Modified: | Jul 23 10:44:01 2009 |
| MD5 Checksum: | 71ee294b583dce4a5b3cc443401de417 |
|
| /// File Name: |
dsa-1841-1.txt |
Description:
|
Debian Security Advisory 1841-1 - It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions.
| | Homepage: | http://www.debian.org/security | | File Size: | 10034 | | Related CVE(s): | CVE-2009-2108 | | Last Modified: | Jul 27 21:13:52 2009 |
| MD5 Checksum: | 7783ca80e18d95e34ddc066cb7756266 |
|
| /// File Name: |
dsa-1843-1.txt |
Description:
|
Debian Security Advisory 1843-1 - It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data an attacker is able to crash the squid daemon via crafted requests or responses.
| | Homepage: | http://www.debian.org/security | | File Size: | 9179 | | Last Modified: | Jul 28 14:32:38 2009 |
| MD5 Checksum: | 94fd997e91ef5270bd2fb45a88b8902d |
|
| /// File Name: |
dsa-1846-1.txt |
Description:
|
Debian Security Advisory 1846-1 - Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call.
| | Homepage: | http://www.debian.org/security | | File Size: | 3290 | | Related CVE(s): | CVE-2009-2287 | | Last Modified: | Jul 29 14:59:10 2009 |
| MD5 Checksum: | 66631e4c0650abb5152278bd60e2236d |
|
| /// File Name: |
dsa-1847-1.txt |
Description:
|
Debian Security Advisory 1847-1 - It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed.
| | Homepage: | http://www.debian.org/security | | File Size: | 38890 | | Related CVE(s): | CVE-2009-0696 | | Last Modified: | Jul 29 15:10:06 2009 |
| MD5 Checksum: | 859f0349847e0bccad27018d1b8bbfda |
|
| /// File Name: |
dzcore-2009-001-advisory.txt |
Description:
|
VLC versions 1.0.0 and below suffer from an integer underflow.
| | Author: | tix | | File Size: | 5517 | | Last Modified: | Jul 27 21:47:23 2009 |
| MD5 Checksum: | 94dc6c3bcdb5c9e8157c104e187f88a8 |
|
| /// File Name: |
FGA-2009-27.txt |
Description:
|
A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.
| | Author: | Haifei Li | | Homepage: | http://www.fortinet.com/ | | File Size: | 3054 | | Related CVE(s): | CVE-2009-1136 | | Last Modified: | Jul 14 14:19:47 2009 |
| MD5 Checksum: | 4d075e76c6de222b3a0822e2c095bd1d |
|
| /// File Name: |
FreeBSD-SA-09-12.bind.txt |
Description:
|
FreeBSD Security Advisory - When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 6056 | | Related CVE(s): | CVE-2009-0696 | | Last Modified: | Jul 29 14:47:58 2009 |
| MD5 Checksum: | 2d52c9eb6436dd05ac18daaed935b761 |
|
| /// File Name: |
FSSA-2009-0401.txt |
Description:
|
mChek version 3.4 suffers from multiple information disclosure vulnerabilities.
| | Author: | Gursev Kalra | | File Size: | 2644 | | Last Modified: | Jul 21 17:00:59 2009 |
| MD5 Checksum: | 5c7ba6c6ee9d97ffc2a648937e704add |
|
| /// File Name: |
FSSA-2009-0402.txt |
Description:
|
Mobile Rediff suffers from a username and password disclosure vulnerability.
| | Author: | Gursev Kalra | | File Size: | 1297 | | Last Modified: | Jul 17 14:43:25 2009 |
| MD5 Checksum: | befa24b150b44190c841cb50747f967b |
|
| /// File Name: |
glsa-200907-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2569 | | Related CVE(s): | CVE-2009-1364 | | Last Modified: | Jul 2 17:12:39 2009 |
| MD5 Checksum: | 57d8b3bd8cbd1704c9440a933b1af358 |
|
| /// File Name: |
glsa-200907-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2945 | | Related CVE(s): | CVE-2009-1902, CVE-2009-1903 | | Last Modified: | Jul 2 17:12:58 2009 |
| MD5 Checksum: | a62d37b5997352d6767eeac6898dcb87 |
|
| /// File Name: |
glsa-200907-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-03 - Multiple vulnerabilities in the Apache Portable Runtime Utility Library might enable remote attackers to cause a Denial of Service or disclose sensitive information. Versions less than 1.3.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3581 | | Related CVE(s): | CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 | | Last Modified: | Jul 6 13:38:09 2009 |
| MD5 Checksum: | 1ef438d70e7df958e58cfa6df3a18bf3 |
|
| /// File Name: |
glsa-200907-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-04 - Multiple vulnerabilities in the Apache HTTP daemon allow for local privilege escalation, information disclosure or Denial of Service attacks. Versions less than 2.2.11-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3952 | | Related CVE(s): | CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891 | | Last Modified: | Jul 13 11:46:56 2009 |
| MD5 Checksum: | df91e6ccc0947bb6909ff57be43daa99 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
