contenu de la page
Flux RSS sécurité de debian
Ceci est le flux RSS importé de l'adresse suivante : http://www.debian.org/security/dsa-long.fr.rdf
DSA-2011 dpkg - path traversal
William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.
10 mars 2010
lire plus sur DSA-2011 dpkg - path traversalDSA-2010 kvm - privilege escalation/denial of service
Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:
10 mars 2010
lire plus sur DSA-2010 kvm - privilege escalation/denial of serviceDSA-2009 tdiary - insufficient input sanitising
It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin.
9 mars 2010
lire plus sur DSA-2009 tdiary - insufficient input sanitisingDSA-2008 typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. More details can be found in the Typo3 security advisory.
8 mars 2010
lire plus sur DSA-2008 typo3-src - several vulnerabilitiesDSA-2007 cups - format string vulnerability
Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.
3 mars 2010
lire plus sur DSA-2007 cups - format string vulnerabilityDSA-2006 sudo - several vulnerabilities
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems:
2 mars 2010
lire plus sur DSA-2006 sudo - several vulnerabilitiesDSA-2004 samba - several vulnerabilities
Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems:
28 fevrier 2010
lire plus sur DSA-2004 samba - several vulnerabilitiesDSA-2005 linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak
NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date.
27 fevrier 2010
lire plus sur DSA-2005 linux-2.6.24 - privilege escalation/denial of service/sensitive memory leakDSA-2003 linux-2.6 - privilege escalation/denial of service
NOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date. A final update that includes fixes for these issues in the 2.6.24 kernel is also in preparation and will be released shortly.
22 fevrier 2010
lire plus sur DSA-2003 linux-2.6 - privilege escalation/denial of serviceDSA-2002 polipo - denial of service
Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems:
19 fevrier 2010
lire plus sur DSA-2002 polipo - denial of serviceDSA-2001 php5 - multiple vulnerabilities
Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems:
19 fevrier 2010
lire plus sur DSA-2001 php5 - multiple vulnerabilitiesDSA-2000 ffmpeg-debian - several vulnerabilities
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer:
18 fevrier 2010
lire plus sur DSA-2000 ffmpeg-debian - several vulnerabilitiesDSA-1999 xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
18 fevrier 2010
lire plus sur DSA-1999 xulrunner - several vulnerabilitiesDSA-1998 kdelibs - buffer overflow
Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
17 fevrier 2010
lire plus sur DSA-1998 kdelibs - buffer overflowDSA-1997 mysql-dfsg-5.0 - several vulnerabilities
Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems:
14 fevrier 2010
lire plus sur DSA-1997 mysql-dfsg-5.0 - several vulnerabilitiesDSA-1996 linux-2.6 - privilege escalation/denial of service/sensitive memory leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
12 fevrier 2010
lire plus sur DSA-1996 linux-2.6 - privilege escalation/denial of service/sensitive memory leakDSA-1995 openoffice.org - several vulnerabilities
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems:
12 fevrier 2010
lire plus sur DSA-1995 openoffice.org - several vulnerabilitiesDSA-1994 ajaxterm - weak session IDs
It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.
11 fevrier 2010
lire plus sur DSA-1994 ajaxterm - weak session IDsDSA-1993 otrs2 - sql injection
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used on SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2.
10 fevrier 2010
lire plus sur DSA-1993 otrs2 - sql injection
