Seiteninhalt
RSS-Flux Debian Security
Dieser RSS-Flux wurde von folgender Seite importiert: http://www.debian.org/security/dsa-long.en.rdf
DSA-2405 apache2 - multiple issues
Several vulnerabilities have been found in the Apache HTTPD Server:
6 Februar 2012
lese mehr über DSA-2405 apache2 - multiple issuesDSA-2403 php5 - code injection
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
6 Februar 2012
lese mehr über DSA-2403 php5 - code injectionDSA-2404 xen-qemu-dm-4.0 - buffer overflow
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges.
5 Februar 2012
lese mehr über DSA-2404 xen-qemu-dm-4.0 - buffer overflowDSA-2384 cacti - several vulnerabilities
Several vulnerabilities have been discovered in Cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.
4 Februar 2012
lese mehr über DSA-2384 cacti - several vulnerabilitiesDSA-2402 iceape - several vulnerabilities
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
2 Februar 2012
lese mehr über DSA-2402 iceape - several vulnerabilitiesDSA-2401 tomcat6 - several vulnerabilities
Several vulnerabilities have been found in Tomcat, a servlet and JSP engine:
2 Februar 2012
lese mehr über DSA-2401 tomcat6 - several vulnerabilitiesDSA-2400 iceweasel - several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
2 Februar 2012
lese mehr über DSA-2400 iceweasel - several vulnerabilitiesDSA-2399 php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:
31 Januar 2012
lese mehr über DSA-2399 php5 - several vulnerabilitiesDSA-2398 curl - several vulnerabilities
Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:
30 Januar 2012
lese mehr über DSA-2398 curl - several vulnerabilitiesDSA-2397 icu - buffer underflow
It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.
29 Januar 2012
lese mehr über DSA-2397 icu - buffer underflowDSA-2396 qemu-kvm - buffer underflow
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.
27 Januar 2012
lese mehr über DSA-2396 qemu-kvm - buffer underflowDSA-2395 wireshark - buffer underflow
Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code (CVE-2012-0068).
27 Januar 2012
lese mehr über DSA-2395 wireshark - buffer underflowDSA-2394 libxml2 - several vulnerabilities
Many security problems have been fixed in libxml2, a popular library to handle XML data files.
27 Januar 2012
lese mehr über DSA-2394 libxml2 - several vulnerabilitiesDSA-2393 bip - buffer overflow
Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy which may allow arbitrary code execution by remote users.
25 Januar 2012
lese mehr über DSA-2393 bip - buffer overflowDSA-2392 openssl - out-of-bounds read
Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.
23 Januar 2012
lese mehr über DSA-2392 openssl - out-of-bounds readDSA-2301 rails - several vulnerabilities
Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:
23 Januar 2012
lese mehr über DSA-2301 rails - several vulnerabilitiesDSA-2391 phpmyadmin - several vulnerabilities
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
22 Januar 2012
lese mehr über DSA-2391 phpmyadmin - several vulnerabilitiesDSA-2390 openssl - several vulnerabilities
Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
15 Januar 2012
lese mehr über DSA-2390 openssl - several vulnerabilitiesDSA-2389 linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
15 Januar 2012
lese mehr über DSA-2389 linux-2.6 - privilege escalation/denial of service/information leakDSA-2388 t1lib - several vulnerabilities
Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts.
14 Januar 2012
lese mehr über DSA-2388 t1lib - several vulnerabilitiesDSA-2387 simplesamlphp - insufficient input sanitation
timtai1
discovered that simpleSAMLphp, an authentication and federation platform, is vulnerable to a cross site scripting attack, allowing a remote attacker to access sensitive client data.11 Januar 2012
lese mehr über DSA-2387 simplesamlphp - insufficient input sanitationDSA-2386 openttd - several vulnerabilities
Several vulnerabilities have been discovered in OpenTTD, a transport business simulation game. Multiple buffer overflows and off-by-one errors allow remote attackers to cause denial of service.
10 Januar 2012
lese mehr über DSA-2386 openttd - several vulnerabilitiesDSA-2385 pdns - packet loop
Ray Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.
10 Januar 2012
lese mehr über DSA-2385 pdns - packet loop
