Section: .. / 1001-advisories /
| /// File Name: |
dsa-1975-1.txt |
Description:
|
Debian Linux Security Advisory 1975-1 - One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and nearly three years after the release of Debian GNU/Linux 4.0 alias 'etch' the security support for the old distribution (4.0 alias 'etch') is coming to an end next month.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 2240 | | Last Modified: | Jan 22 01:33:07 2010 |
| MD5 Checksum: | 20fed87feeedb11614fc8e7257db3777 |
|
| /// File Name: |
dsa-1977-1.txt |
Description:
|
Debian Linux Security Advisory 1977-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution (etch).
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 33836 | | Related CVE(s): | CVE-2008-2316, CVE-2009-3560, CVE-2009-3720 | | Last Modified: | Jan 26 21:17:02 2010 |
| MD5 Checksum: | 849e7c1a44931c10b7948c6f91f0b161 |
|
| /// File Name: |
dsa-1980-1.txt |
Description:
|
Debian Linux Security Advisory 1980-1 - David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code (CVE-2009-4016). This issue affects both ircd-hybrid and ircd-ratbox.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 10332 | | Related CVE(s): | CVE-2009-4016, CVE-2010-0300 | | Last Modified: | Jan 29 16:57:24 2010 |
| MD5 Checksum: | 6abd38406438648094718cf58d2701eb |
|
| /// File Name: |
dsa-1981-1.txt |
Description:
|
Debian Linux Security Advisory 1981-1 - Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 7440 | | Last Modified: | Jan 29 17:28:31 2010 |
| MD5 Checksum: | d71498bde7e9b947d97c068eb038aff8 |
|
| /// File Name: |
dsa-1981-2.txt |
Description:
|
Debian Linux Security Advisory 1981-2 - The latest DSA for maildrop introduced two regressions. The maildrop program stopped working when invoked as a non-root user, such as with postfix. Also, the lenny version dropped a dependency on the courier-authlib package.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 7023 | | Related CVE(s): | CVE-2010-0301 | | Last Modified: | Jan 29 18:27:45 2010 |
| MD5 Checksum: | 00664f6329ad84b6d0353790886ea97b |
|
| /// File Name: |
dsa-1982-1.txt |
Description:
|
Debian Linux Security Advisory 1982-1 - Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 4956 | | Related CVE(s): | CVE-2010-0303 | | Last Modified: | Jan 29 19:34:57 2010 |
| MD5 Checksum: | 678871e6c326ebcc674f9f842488b0cf |
|
| /// File Name: |
dsa-1983-1.txt |
Description:
|
Debian Linux Security Advisory 1983-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 9969 | | Related CVE(s): | CVE-2009-4337, CVE-2010-0304 | | Last Modified: | Jan 31 15:52:17 2010 |
| MD5 Checksum: | 6c3925f2818ab2c48c430789bc1e69cb |
|
| /// File Name: |
dsa-1984-1.txt |
Description:
|
Debian Linux Security Advisory 1984-1 - It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 6412 | | Related CVE(s): | CVE-2009-2625 | | Last Modified: | Jan 31 15:42:38 2010 |
| MD5 Checksum: | a80f738930c7386a753dea29dd143d93 |
|
| /// File Name: |
dsa-1985-1.txt |
Description:
|
Debian Linux Security Advisory 1985-1 - It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 27346 | | Related CVE(s): | CVE-2009-4565 | | Last Modified: | Jan 31 16:26:17 2010 |
| MD5 Checksum: | 079a17fa8d5d399fecb93c8957fd2d86 |
|
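The NUL-in-CN issue in the sendmail entry above, worked through as an added C example that is not sendmail's own code: the X.509 parser hands back the CN as a byte buffer with an explicit ASN.1 length, so a check that copies it into a C string and calls strcmp stops at the embedded NUL and accepts the forged name, while a check that rejects embedded NULs and compares the full length does not. The two CN byte strings and the expected hostname are constructed for this example; struct asn1_string is a stand-in for whatever the real parser returns.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* A CN as an X.509 parser returns it: a byte buffer plus an explicit ASN.1
 * length. Embedded NULs are legal at this layer, which is the whole problem. */
struct asn1_string {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample CNs (not from any real certificate). The spoofed one is
 * what a CA might issue to the holder of attacker.example: the bytes before
 * the NUL read as mail.example.com. */
static const unsigned char SPOOFED_CN_BYTES[] = "mail.example.com\0.attacker.example";
static const struct asn1_string SPOOFED_CN = { SPOOFED_CN_BYTES, sizeof SPOOFED_CN_BYTES - 1 };

static const unsigned char HONEST_CN_BYTES[] = "mail.example.com";
static const struct asn1_string HONEST_CN = { HONEST_CN_BYTES, sizeof HONEST_CN_BYTES - 1 };

/* Vulnerable pattern: copy the CN into a C string and strcmp it. Everything
 * after the first NUL is invisible to strcmp, so the spoofed CN matches. */
static bool cn_matches_truncating(const struct asn1_string *cn, const char *expected)
{
    char buf[256];
    size_t n = cn->len < sizeof buf - 1 ? cn->len : sizeof buf - 1;

    memcpy(buf, cn->data, n);
    buf[n] = '\0';
    return strcmp(buf, expected) == 0;
}

/* Hardened pattern: reject any CN with an embedded NUL outright, then compare
 * the full ASN.1 length against the expected name. */
static bool cn_matches_safe(const struct asn1_string *cn, const char *expected)
{
    size_t elen = strlen(expected);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return false;                      /* embedded NUL: treat as forged */
    return cn->len == elen && memcmp(cn->data, expected, elen) == 0;
}

int main(void)
{
    const char *want = "mail.example.com";

    printf("spoofed CN, strcmp-style check: %s\n",
           cn_matches_truncating(&SPOOFED_CN, want) ? "ACCEPTED (bad)" : "rejected");
    printf("spoofed CN, length-aware check: %s\n",
           cn_matches_safe(&SPOOFED_CN, want) ? "accepted" : "rejected (good)");
    printf("honest CN,  length-aware check: %s\n",
           cn_matches_safe(&HONEST_CN, want) ? "accepted (good)" : "rejected");
    return 0;
}
```

The same truncation applies on the server side when a client certificate's CN is matched against an access list, which is the second half of the advisory. Rejecting any CN with an embedded NUL is the simpler fix; comparing by length alone also works but leaves the NUL to surprise the next strcmp downstream.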
| /// File Name: |
easyadmin2pro-xss.txt |
Description:
|
easyAdmin2Pro suffers from a cross site scripting vulnerability.
| | Author: | lossless | | Homepage: | http://secworm.net/ | | File Size: | 2599 | | Last Modified: | Jan 11 15:36:38 2010 |
| MD5 Checksum: | 7fd3e29bcc625413f394182973e478e6 |
|
| /// File Name: |
fasync-ref.txt |
Description:
|
Linux kernel versions 2.6.28 and above suffer from an issue where locked fasync file descriptors can be referenced after free.
| | Author: | Tavis Ormandy | | File Size: | 2840 | | Last Modified: | Jan 14 11:20:25 2010 |
| MD5 Checksum: | d4c53ad3931ceb50d2c64d763ec476f5 |
|
| /// File Name: |
fortinet-ie.txt |
Description:
|
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Microsoft's Internet Explorer. In order to compromise a system / remotely execute code, an attacker would lure a user to a maliciously crafted website. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
| | Author: | Haifei Li | | Homepage: | http://www.fortinet.com/ | | File Size: | 2634 | | Related CVE(s): | CVE-2010-0247 | | Last Modified: | Jan 22 19:20:55 2010 |
| MD5 Checksum: | e7db22d95ac15b0b82bbd0d3100d5e27 |
|
| /// File Name: |
FreeBSD-SA-10-01.bind.txt |
Description:
|
FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS Security Extensions (DNSSEC) provides data integrity, origin authentication and authenticated denial of existence to resolvers. If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 9993 | | Related CVE(s): | CVE-2009-4022 | | Last Modified: | Jan 7 13:55:35 2010 |
| MD5 Checksum: | 02ddb5c2c1012a828b2639d5d7f46626 |
|
| /// File Name: |
FreeBSD-SA-10-02.ntpd.txt |
Description:
|
FreeBSD Security Advisory - If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the event and send a mode 7 error response. If an attacker can spoof such a packet from a source IP of an affected ntpd to the same or a different affected ntpd, the host(s) will endlessly send error responses to each other and log each event, consuming network bandwidth, CPU and possibly disk space.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 6101 | | Related CVE(s): | CVE-2009-3563 | | Last Modified: | Jan 7 14:01:14 2010 |
| MD5 Checksum: | 3c29961c0b015462befccbfa761fa138 |
|
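The mode 7 ping-pong described in the ntpd entry above (the same CVE-2009-3563 issue that glsa-201001-01 further down covers), modelled as an added C simulation rather than ntpd's own code: one spoofed request is injected, and the two hosts then bounce error responses until one of them drops a packet. Assumptions: the first-byte layout (response bit, version, mode) follows ntp_request.h; the unfixed behaviour is "log and answer every unrestricted mode 7 packet, responses included"; the fixed behaviour is modelled as "never answer a packet that is itself a response"; 'restrict ... noquery' is modelled as dropping silently. Host ids stand in for IP addresses and the packet counts come from the simulation, not from a real capture.

```c
#include <stdbool.h>
#include <stdio.h>

/* First byte of a mode 7 (MODE_PRIVATE) packet as ntpd's ntp_request.h lays it
 * out: response bit, more bit, 3-bit version, 3-bit mode. The rest of the
 * packet is irrelevant to the loop and omitted. */
#define RESP_BIT     0x80
#define NTP_VERSION  2
#define MODE_PRIVATE 7

struct pkt {
    unsigned char rm_vn_mode;
    int src, dst;          /* host ids standing in for source/destination IPs */
};

struct host {
    int id;
    bool noquery;          /* 'restrict ... noquery' (or ignore) covers the peer */
    bool patched;          /* fixed ntpd: never answer a packet that is itself a response */
    unsigned long logged;  /* log lines written */
    unsigned long sent;    /* error responses emitted */
};

/* One receive step. Returns true and fills *reply if this host answers with a
 * mode 7 error response; false if the packet is dropped silently. */
static bool handle_mode7(struct host *h, const struct pkt *in, struct pkt *reply)
{
    if ((in->rm_vn_mode & 0x07) != MODE_PRIVATE)
        return false;
    if (h->noquery)
        return false;                          /* restricted source: no log, no reply */
    if (h->patched && (in->rm_vn_mode & RESP_BIT))
        return false;                          /* a response is never answered */

    h->logged++;                               /* the log-spam half of the DoS */
    reply->rm_vn_mode = RESP_BIT | (NTP_VERSION << 3) | MODE_PRIVATE;
    reply->src = h->id;
    reply->dst = in->src;
    h->sent++;
    return true;
}

/* Inject one request spoofed as coming from A and addressed to B, then let the
 * two hosts bounce packets until one drops, or until max_packets have gone out.
 * Returns the number of error responses the two hosts sent between them. */
static unsigned long ping_pong(struct host *a, struct host *b, unsigned long max_packets)
{
    struct pkt p = { (NTP_VERSION << 3) | MODE_PRIVATE, a->id, b->id };
    struct pkt reply;
    struct host *cur = b;
    unsigned long n = 0;

    while (n < max_packets && handle_mode7(cur, &p, &reply)) {
        p = reply;
        cur = (cur == a) ? b : a;
        n++;
    }
    return a->sent + b->sent;
}

/* Build both hosts from flags and run the exchange. */
static unsigned long run_pair(bool a_patched, bool b_patched, bool noquery,
                              unsigned long max_packets)
{
    struct host a = { 1, noquery, a_patched, 0, 0 };
    struct host b = { 2, noquery, b_patched, 0, 0 };
    return ping_pong(&a, &b, max_packets);
}

int main(void)
{
    printf("both unpatched, no restrict: %lu packets (hit the cap)\n", run_pair(false, false, false, 1000));
    printf("both patched:                %lu packet(s)\n",             run_pair(true,  true,  false, 1000));
    printf("A unpatched, B patched:      %lu packet(s)\n",             run_pair(false, true,  false, 1000));
    printf("restrict default noquery:    %lu packet(s)\n",             run_pair(false, false, true,  1000));
    return 0;
}
```

Two things the run makes visible: a single patched host is enough to break the loop, because the loop needs both sides to answer responses, and even a patched daemon still reflects one error response to the spoofed source, so 'restrict default noquery' (or ignore) on a daemon that does not need remote mode 7 queries is the configuration that removes the reflection as well.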
| /// File Name: |
FreeBSD-SA-10-03.zfs.txt |
Description:
|
FreeBSD Security Advisory - When replaying a setattr transaction, the replay code in the ZFS Intent Log would set the attributes with certain insecure defaults when the logged transaction did not touch these attributes. A system crash or power failure could leave some files with mode set to 07777. This could leak sensitive information or cause privilege escalation.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 5662 | | Last Modified: | Jan 7 14:31:54 2010 |
| MD5 Checksum: | 2a67eb6021b942c6c0fd652d8550c8a2 |
|
| /// File Name: |
glsa-201001-01.txt |
Description:
|
Gentoo Linux Security Advisory 201001-1 - A Denial of Service condition in ntpd can cause excessive CPU or bandwidth consumption. Robin Park and Dmitri Vinokurov discovered that ntp_request.c in ntpd does not handle MODE_PRIVATE packets correctly, causing a continuous exchange of MODE_PRIVATE error responses between two NTP daemons or causing high CPU load on a single host. Versions less than 4.2.4_p7-r1 are affected.
| | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 2586 | | Related CVE(s): | CVE-2009-3563 | | Last Modified: | Jan 3 21:50:23 2010 |
| MD5 Checksum: | 194bbb7542bfbd18deac2242363493c2 |
|
| /// File Name: |
glsa-201001-03.txt |
Description:
|
Gentoo Linux Security Advisory 201001-3 - Multiple vulnerabilities were found in PHP, the worst of which leads to the remote execution of arbitrary code. Please review the CVE identifiers referenced below and the associated PHP release notes for details. Versions less than 5.2.12 are affected.
| | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 5978 | | Related CVE(s): | CVE-2008-5498, CVE-2008-5514, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658, CVE-2008-5814, CVE-2008-5844, CVE-2008-7002, CVE-2009-0754, CVE-2009-1271, CVE-2009-1272, CVE-2009-2626, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4142, CVE-2009-4143 | | Last Modified: | Jan 5 16:46:56 2010 |
| MD5 Checksum: | 712336a63c0cc0a0608bdcf2ae90dee2 |
|
| /// File Name: |
glsa-201001-04.txt |
Description:
|
Gentoo Linux Security Advisory 201001-4 - Multiple vulnerabilities were found in VirtualBox, the worst of which allows for privilege escalation. Versions less than 3.0.12 are affected.
| | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 3885 | | Related CVE(s): | CVE-2009-3692, CVE-2009-3940 | | Last Modified: | Jan 13 21:32:25 2010 |
| MD5 Checksum: | 76bf3b108b46ccadef0d7961a2365b81 |
|
| /// File Name: |
glsa-201001-05.txt |
Description:
|
Gentoo Linux Security Advisory 201001-5 - A remote attacker can bypass the tcp-wrappers client authorization in net-snmp. The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules. Versions less than 5.4.2.1-r1 are affected.
| | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 2632 | | Related CVE(s): | CVE-2008-6123 | | Last Modified: | Jan 13 21:32:51 2010 |
| MD5 Checksum: | a1bfd14b3b6a22eede2005476498eddf |
|
| /// File Name: |
glsa-201001-06.txt |
Description:
|
Gentoo Linux Security Advisory 201001-6 - A buffer overflow and a format string vulnerability in aria2 allow remote attackers to execute arbitrary code. Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc (CVE-2009-3575) and a format string vulnerability in the AbstractCommand::onAbort() function in src/AbstractCommand.cc (CVE-2009-3617). Versions less than 1.6.3 are affected.
| | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 2773 | | Related CVE(s): | CVE-2009-3575, CVE-2009-3617 | | Last Modified: | Jan 13 22:02:52 2010 |
| MD5 Checksum: | 0ea5181d0e35ca44e5f20b3cee174318 |
|
| /// File Name: |
glsa-201001-07.txt |
Description:
|
Gentoo Linux Security Advisory 201001-7 - An untrusted search path vulnerability in Blender might result in the execution of arbitrary code. Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends sys.path with an empty string. Versions less than 2.48a-r3 are affected.
| | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 2563 | | Related CVE(s): | CVE-2008-4863 | | Last Modified: | Jan 13 22:05:00 2010 |
| MD5 Checksum: | 0b96757cc06e2c1e51d58565fb019d2a |
|