Latest Debian Security Advisories

Debian Security Advisories

DSA-1652 ruby1.9 - several vulnerabilities

21 hours 2 minutes ago

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1651 ruby1.8 - several vulnerabilities

21 hours 2 minutes ago

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1650 openldap2.3 - denial of service

21 hours 2 minutes ago

Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN.1 requests.

DSA-1649 iceweasel - several vulnerabilities

2008, October 8 - 00:00

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1648 mon - insecure temporary files

2008, October 8 - 00:00

Dmitry E. Oboukhov discovered that the test.alert script used in one of the alert functions in mon, a system to monitor hosts or services and alert about problems, creates temporary files insecurely, which may lead to a local denial of service through symlink attacks.

DSA-1647 php5 - several vulnerabilities

2008, October 7 - 00:00

Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1646 squid - array bounds check

2008, October 7 - 00:00

A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.

DSA-1645 lighttpd - various

2008, October 6 - 00:00

Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.

DSA-1643 feta - insecure temp file handling

2008, October 5 - 00:00

Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools, creates temporary files insecurely, which may lead to local denial of service through symlink attacks.
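DSA-1648 (mon) and DSA-1643 (feta) above describe the same bug class: a script writes to a predictable file name in a shared, world-writable directory, so a local user who can guess the name plants a symlink there first and the script's write lands on whatever the link points to. The POSIX shell script below is an added example illustrating that class and the mktemp-based fix; it is not code from mon or Feta. It uses a throwaway directory from `mktemp -d` in place of /tmp, and the file and function names are hypothetical.

```shell
#!/bin/sh
# Added example: symlink attack on a predictably named temporary file, and the
# mktemp-based fix. Not code from mon or Feta; all names here are hypothetical.
# A fresh private directory stands in for the shared, world-writable /tmp.

# Vulnerable pattern: fixed name, plain redirect. The redirect opens the path
# with O_CREAT|O_TRUNC and follows any symlink already sitting at that name.
write_alert_unsafe() {          # $1 = tmp dir, $2 = message
    tmp="$1/test.alert.tmp"
    echo "$2" > "$tmp"
}

# Fixed pattern: mktemp creates the file itself with O_CREAT|O_EXCL and an
# unpredictable suffix, so a pre-planted symlink is never followed.
write_alert_safe() {            # $1 = tmp dir, $2 = message; prints the path used
    tmp=$(mktemp "$1/test.alert.XXXXXX") || return 1
    echo "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Returns 0 if the attacker's pre-planted symlink made the unsafe writer
# overwrite the victim file (the attack worked), 1 otherwise.
attack_unsafe() {
    dir=$(mktemp -d) || return 1
    echo "original contents" > "$dir/victim"
    ln -s "$dir/victim" "$dir/test.alert.tmp"      # attacker guesses the name in advance
    write_alert_unsafe "$dir" "attacker-controlled text"
    contents=$(cat "$dir/victim")
    rm -rf "$dir"
    [ "$contents" = "attacker-controlled text" ]
}

# Returns 0 if the victim file survives the same setup against the safe writer.
attack_safe() {
    dir=$(mktemp -d) || return 1
    echo "original contents" > "$dir/victim"
    ln -s "$dir/victim" "$dir/test.alert.tmp"      # the planted name is simply never used
    out=$(write_alert_safe "$dir" "harmless text") || { rm -rf "$dir"; return 1; }
    contents=$(cat "$dir/victim")
    rm -rf "$dir"
    [ "$contents" = "original contents" ] && [ "$out" != "$dir/test.alert.tmp" ]
}

if attack_unsafe; then echo "unsafe writer: victim overwritten through the symlink"; fi
if attack_safe;   then echo "safe writer: victim untouched, mktemp picked a fresh name"; fi
```

The distinction that matters is who creates the file: with the redirect, the shell only opens a name the attacker may already own, whereas mktemp both chooses the name and creates it exclusively, failing rather than following a link if the name somehow exists. A script that must build the name itself should use `mktemp -p` (or `mktemp -d` for a private work directory) rather than `$$`-suffixed names, which are easy to guess.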

DSA-1644 mplayer - integer overflow

2008, October 5 - 00:00

Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially execution of arbitrary code by supplying a maliciously crafted video file.

DSA-1642 horde3 - cross site scripting

2008, September 20 - 00:00

Will Drewry discovered that Horde allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting.

DSA-1641 phpmyadmin - several vulnerabilities

2008, September 20 - 00:00

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administrate MySQL databases over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1640 python-django - several vulnerabilities

2008, September 20 - 00:00

Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. This is possible even when Django's cross site request forgery protection plugin is enabled. The Common Vulnerabilities and Exposures project identifies this issue as CVE-2008-3909.

DSA-1639 twiki - command execution

2008, September 19 - 00:00

It was discovered that twiki, a web based collaboration platform, didn't properly sanitize the image parameter in its configuration script. This could allow remote users to execute arbitrary commands upon the system, or read any files which were readable by the webserver user.
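As an added illustration of the bug class in DSA-1639, a request parameter spliced into a shell command line, and not TWiki's own code: the first function below interpolates the parameter into a command string the way a script that shells out would, so metacharacters in the value are parsed as commands; the second validates the value against a tight allowlist and passes it as a separate argument without a second shell. Function names, the `image` parameter and the payload value are hypothetical, constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not TWiki code): a request parameter interpolated into a
# shell command string, and the allowlist-plus-argument fix.

# Vulnerable: the parameter becomes part of the command text, so shell
# metacharacters in it (; | ` $( ) are parsed and executed as commands.
probe_image_unsafe() {          # $1 = attacker-controlled "image" parameter
    sh -c "printf 'probing image: %s\n' $1"
}

# Hardened: reject anything outside a tight allowlist, then pass the value as
# its own argument to the command, never through a second shell.
# Returns 2 for an empty value, an unexpected character, or a leading dot
# (hidden files and ../ path traversal).
probe_image_safe() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*|.*) return 2 ;;
    esac
    printf 'probing image: %s\n' "$1"
}

# Demonstration helper: returns 0 if the output shows the injected command ran.
injection_succeeded() {
    out=$(probe_image_unsafe "$1")
    case "$out" in *INJECTED*) return 0 ;; esac
    return 1
}

PAYLOAD='x; echo INJECTED'                 # constructed malicious parameter value

if injection_succeeded "$PAYLOAD"; then echo "unsafe: injected command executed"; fi
probe_image_safe "$PAYLOAD" || echo "safe: payload rejected with status $?"
probe_image_safe logo.png
```

The same payload that makes the vulnerable function print `INJECTED` is rejected outright by the hardened one; `logo.png` passes. Allowlisting is preferable to escaping here because the set of characters a shell treats specially is large and varies between shells, and because the fix also has to stop the read-any-file variant, which needs no metacharacters at all, only a path such as `../../etc/passwd`.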

DSA-1638 openssh - denial of service

2008, September 16 - 00:00

It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109).

DSA-1637 git-core - buffer overflow

2008, September 15 - 00:00

Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system. Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially the execution of arbitrary code.

DSA-1636 linux-2.6.24 - denial of service/information leak

2008, September 11 - 00:00

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1635 freetype - multiple vulnerabilities

2008, September 10 - 00:00

Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code.

DSA-1634 wordnet - stack and heap overflows

2008, September 1 - 00:00

Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application.

DSA-1633 slash - SQL Injection, Cross-Site Scripting

2008, September 1 - 00:00

It has been discovered that Slash, the Slashdot-Like Automated Storytelling Homepage, suffers from two vulnerabilities related to insufficient input sanitization, leading to execution of SQL commands (CVE-2008-2231) and cross-site scripting (CVE-2008-2553).