Section: .. / 0805-advisories /
| /// File Name: |
dsa-1581-1.txt |
Description:
|
Debian Security Advisory 1581-1 - Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. A pre-authentication heap overflow involving oversized session resumption data may lead to arbitrary code execution. Repeated client hellos may result in a pre-authentication denial of service condition due to a null pointer dereference. Decoding cipher padding with an invalid record length may cause GNUTLS to read memory beyond the end of the received record, leading to a pre-authentication denial of service condition.
| | Homepage: | http://www.debian.org/security | | File Size: | 10769 | | Related CVE(s): | CVE-2008-1948, CVE-2008-1950, CVE-2008-1949 | | Last Modified: | May 20 16:42:16 2008 |
| MD5 Checksum: | 6e93f5ea4d61f973f00663bbeffaaacd |
|
| /// File Name: |
dsa-1582-1.txt |
Description:
|
Debian Security Advisory 1582-1 - Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 10654 | | Related CVE(s): | CVE-2008-2040 | | Last Modified: | May 20 16:42:50 2008 |
| MD5 Checksum: | d29044254726e8705bcaadf4fbcf48a3 |
|
| /// File Name: |
dsa-1583-1.txt |
Description:
|
Debian Security Advisory 1583-1 - Several remote vulnerabilities have been discovered in Gnome PeerCast, the Gnome interface to PeerCast, a P2P audio and video streaming server. Luigi Auriemma discovered that PeerCast is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5634 | | Related CVE(s): | CVE-2008-6454, CVE-2008-2040 | | Last Modified: | May 20 16:44:01 2008 |
| MD5 Checksum: | e89901539c6ed14bbd402e0acdedca9e |
|
| /// File Name: |
dsa-1584-1.txt |
Description:
|
Debian Security Advisory 1584-1 - It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 8702 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 22 01:47:44 2008 |
| MD5 Checksum: | f19fb5a9a9765a41edf16fe3a08f13ba |
|
| /// File Name: |
dsa-1585-1.txt |
Description:
|
Debian Security Advisory 1585-1 - It was discovered that speex, The Speex codec command line tools, did not correctly did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 6408 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 22 01:48:25 2008 |
| MD5 Checksum: | 6e6b3fb8c6b928ee12e90b4ebedd2f50 |
|
| /// File Name: |
dsa-1586-1.txt |
Description:
|
Debian Security Advisory 1586-1 - Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file. Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file.
| | Homepage: | http://www.debian.org/security | | File Size: | 9354 | | Related CVE(s): | CVE-2008-1482, CVE-2008-1686, CVE-2008-1878 | | Last Modified: | May 22 19:50:45 2008 |
| MD5 Checksum: | 1c9f92bc85f505e380ecfca8fd866b8c |
|
| /// File Name: |
dsa-1587-1.txt |
Description:
|
Debian Security Advisory 1587-1 - Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records.
| | Homepage: | http://www.debian.org/security | | File Size: | 6180 | | Related CVE(s): | CVE-2008-2357 | | Last Modified: | May 27 18:19:29 2008 |
| MD5 Checksum: | f426ed28ca331fc3ed2e887d5d814207 |
|
| /// File Name: |
dsa-1588-1.txt |
Description:
|
Debian Security Advisory 1588-1 - Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop. Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash. Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition. David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 34460 | | Related CVE(s): | CVE-2007-6712, CVE-2008-1615, CVE-2008-2136, CVE-2008-2137 | | Last Modified: | May 27 19:33:33 2008 |
| MD5 Checksum: | 948ffa8231b344838e89445e5372dd29 |
|
| /// File Name: |
dsa-1588-2.txt |
Description:
|
Debian Security Advisory 1588-2 - Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop. Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash. Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition. David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service. This updated advisory adds the linux-2.6 build for s390 and the fai-kernels build for powerpc which were not yet available at the time of DSA-1588-1.
| | Homepage: | http://www.debian.org/security | | File Size: | 36679 | | Related CVE(s): | CVE-2007-6712, CVE-2008-1615, CVE-2008-2136, CVE-2008-2137 | | Last Modified: | May 31 15:24:22 2008 |
| MD5 Checksum: | 7b4eb15aa749c16aa43a55bfee18da49 |
|
| /// File Name: |
dsa-1589-1.txt |
Description:
|
Debian Security Advisory 1589-1 - It was discovered that libxslt, an XSLT processing runtime library, could be coerced into executing arbitrary code via a buffer overflow when an XSL style sheet file with a long XSLT "transformation match" condition triggered a large number of steps.
| | Homepage: | http://www.debian.org/security | | File Size: | 11865 | | Related CVE(s): | CVE-2008-1767 | | Last Modified: | May 28 10:43:16 2008 |
| MD5 Checksum: | 7b5f587bc9fed104901ba5bf13c35d8a |
|
| /// File Name: |
dsa-1590-1.txt |
Description:
|
Debian Security Advisory 1590-1 - Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution
| | Homepage: | http://www.debian.org/security | | File Size: | 22435 | | Related CVE(s): | CVE-2008-1105 | | Last Modified: | May 31 15:22:39 2008 |
| MD5 Checksum: | fe58d0edc57780fbc8bfa5688ffbf607 |
|
| /// File Name: |
FICORA-130447.txt |
Description:
|
CERT-FI Vulnerability Advisory on GnuTLS - GnuTLS versions prior to 2.2.4 suffer from denial of service and buffer overflow vulnerabilities.
| | Author: | Ossi Herrala, Jukka Taimisto | | Homepage: | http://www.cert.fi/ | | File Size: | 6341 | | Last Modified: | May 20 16:35:24 2008 |
| MD5 Checksum: | 73fe6ff310a9b93a567dbdc4ea52afb8 |
|
| /// File Name: |
glsa-200805-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-01 - Multiple vulnerabilities in the Horde Application Framework may lead to the execution of arbitrary files, information disclosure, and allow a remote attacker to bypass security restrictions. Versions less than 3.1.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4800 | | Related CVE(s): | CVE-2008-1284 | | Last Modified: | May 6 16:22:04 2008 |
| MD5 Checksum: | fbc502d5bf403437b5eb5c915a78fca3 |
|
| /// File Name: |
glsa-200805-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-02 - Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Versions less than 2.11.5.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2828 | | Related CVE(s): | CVE-2008-1924 | | Last Modified: | May 6 16:22:30 2008 |
| MD5 Checksum: | f5057ea23bcd61d5a2859e06b80048e8 |
|
| /// File Name: |
glsa-200805-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4335 | | Related CVE(s): | CVE-2008-1142, CVE-2008-1692 | | Last Modified: | May 7 20:37:56 2008 |
| MD5 Checksum: | e7bce4b2f319f035e053ff26dbb0497a |
|
| /// File Name: |
glsa-200805-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3609 | | Related CVE(s): | CVE-2008-1502, CVE-2008-2041 | | Last Modified: | May 7 20:38:18 2008 |
| MD5 Checksum: | 0ef7dd1b359cd5c05af051363a60b6d3 |
|
| /// File Name: |
glsa-200805-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-06 - Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user. Versions less than 2.0.3.12981.0-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2857 | | Related CVE(s): | CVE-2008-1880 | | Last Modified: | May 9 13:52:37 2008 |
| MD5 Checksum: | 85f645f65baa0b3fe9c141d775831681 |
|
| /// File Name: |
glsa-200805-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-07 - LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive. Versions less than 5.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4366 | | Last Modified: | May 9 13:53:07 2008 |
| MD5 Checksum: | b99107d7cc4efe620d3b52050bad0f8f |
|
| /// File Name: |
glsa-200805-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-08 - The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow. Versions less than 1.1.19 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2399 | | Related CVE(s): | CVE-2008-1925 | | Last Modified: | May 9 13:53:32 2008 |
| MD5 Checksum: | cdb2393100a4faec5400559fd35ff0f8 |
|
| /// File Name: |
glsa-200805-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-09 - It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Versions less than 1.6.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2956 | | Related CVE(s): | CVE-2008-1937 | | Last Modified: | May 12 10:37:50 2008 |
| MD5 Checksum: | f5912af55302350b385b5dd9c8aea1a1 |
|
| /// File Name: |
glsa-200805-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-10 - It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15). Versions less than 1.6.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3170 | | Related CVE(s): | CVE-2008-1382 | | Last Modified: | May 12 10:41:29 2008 |
| MD5 Checksum: | 7cfec10bfa57130b88afb7bff74c84e3 |
|
| /// File Name: |
glsa-200805-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-11 - Chicken includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 3.1.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3061 | | Last Modified: | May 12 18:26:45 2008 |
| MD5 Checksum: | d9d22fd1973d39963760ae4fd6fe5097 |
|
| /// File Name: |
glsa-200805-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-12 - Stefan Cornelius (Secunia Research) reported a boundary error within the imb_loadhdr() function in in the file source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of temporary files have also been reported (CVE-2008-1103). Versions less than 2.43-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3313 | | Related CVE(s): | CVE-2008-1102, CVE-2008-1103 | | Last Modified: | May 12 18:26:58 2008 |
| MD5 Checksum: | 448f5fac796df4e8c92d9693409be43e |
|
| /// File Name: |
glsa-200805-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-13 - Multiple issues were found in the teTeX 2 codebase that PTeX builds upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 3.1.10_p20071203 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3730 | | Last Modified: | May 12 18:27:15 2008 |
| MD5 Checksum: | 15830348aa8fe782c793f470674bbf22 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
