contenu de la page
Flux RSS sécurité de debian
Ceci est le flux RSS importé de l'adresse suivante : http://www.debian.org/security/dsa-long.fr.rdf
DSA-2016 drupal6 - several vulnerabilities
Several vulnerabilities (SA-CORE-2010-001) have been discovered in drupal6, a fully-featured content management framework.
13 mars 2010
lire plus sur DSA-2016 drupal6 - several vulnerabilitiesDSA-2014 moin - several vulnerabilities
Several vulnerabilities have been discovered in moin, a python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems:
12 mars 2010
lire plus sur DSA-2014 moin - several vulnerabilitiesDSA-2013 egroupware - several vulnerabilities
Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page.
11 mars 2010
lire plus sur DSA-2013 egroupware - several vulnerabilitiesDSA-2012 linux-2.6 - privilege escalation/denial of service
Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
11 mars 2010
lire plus sur DSA-2012 linux-2.6 - privilege escalation/denial of serviceDSA-2011 dpkg - path traversal
William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.
10 mars 2010
lire plus sur DSA-2011 dpkg - path traversalDSA-2010 kvm - privilege escalation/denial of service
Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:
10 mars 2010
lire plus sur DSA-2010 kvm - privilege escalation/denial of serviceDSA-2009 tdiary - insufficient input sanitising
It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin.
9 mars 2010
lire plus sur DSA-2009 tdiary - insufficient input sanitisingDSA-2008 typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. More details can be found in the Typo3 security advisory.
8 mars 2010
lire plus sur DSA-2008 typo3-src - several vulnerabilitiesDSA-2007 cups - format string vulnerability
Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.
3 mars 2010
lire plus sur DSA-2007 cups - format string vulnerabilityDSA-2006 sudo - several vulnerabilities
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems:
2 mars 2010
lire plus sur DSA-2006 sudo - several vulnerabilitiesDSA-2004 samba - several vulnerabilities
Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems:
28 fevrier 2010
lire plus sur DSA-2004 samba - several vulnerabilitiesDSA-2005 linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak
NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date.
27 fevrier 2010
lire plus sur DSA-2005 linux-2.6.24 - privilege escalation/denial of service/sensitive memory leakDSA-2003 linux-2.6 - privilege escalation/denial of service
NOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date. A final update that includes fixes for these issues in the 2.6.24 kernel is also in preparation and will be released shortly.
22 fevrier 2010
lire plus sur DSA-2003 linux-2.6 - privilege escalation/denial of serviceDSA-2002 polipo - denial of service
Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems:
19 fevrier 2010
lire plus sur DSA-2002 polipo - denial of serviceDSA-2001 php5 - multiple vulnerabilities
Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems:
19 fevrier 2010
lire plus sur DSA-2001 php5 - multiple vulnerabilitiesDSA-2000 ffmpeg-debian - several vulnerabilities
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer:
18 fevrier 2010
lire plus sur DSA-2000 ffmpeg-debian - several vulnerabilitiesDSA-1999 xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
18 fevrier 2010
lire plus sur DSA-1999 xulrunner - several vulnerabilitiesDSA-1998 kdelibs - buffer overflow
Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
17 fevrier 2010
lire plus sur DSA-1998 kdelibs - buffer overflowDSA-1997 mysql-dfsg-5.0 - several vulnerabilities
Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems:
14 fevrier 2010
lire plus sur DSA-1997 mysql-dfsg-5.0 - several vulnerabilitiesDSA-1996 linux-2.6 - privilege escalation/denial of service/sensitive memory leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
12 fevrier 2010
lire plus sur DSA-1996 linux-2.6 - privilege escalation/denial of service/sensitive memory leakDSA-1995 openoffice.org - several vulnerabilities
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems:
12 fevrier 2010
lire plus sur DSA-1995 openoffice.org - several vulnerabilitiesDSA-1994 ajaxterm - weak session IDs
It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.
11 fevrier 2010
lire plus sur DSA-1994 ajaxterm - weak session IDs
