Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf
DSA-1695 ruby1.8, ruby1.9 - memory leak
The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443).
2 January 2009
DSA-1694 xterm - design flaw
Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).
2 January 2009
DSA-1693 phppgadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administer PostgreSQL databases over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
27 December 2008
DSA-1692 php-xajax - insufficient input sanitising
It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs.
27 December 2008
DSA-1691 moodle - several vulnerabilities
Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross-site scripting to remote code execution.
22 December 2008
DSA-1690 avahi - assert errors
Two denial of service conditions were discovered in avahi, a Multicast DNS implementation.
22 December 2008
DSA-1689 proftpd-dfsg - missing input validation
Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
21 December 2008
DSA-1688 courier-authlib - SQL injection
Two SQL injection vulnerabilities have been found in courier-authlib, the Courier authentication library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667).
20 December 2008
DSA-1687 linux-2.6 - denial of service/privilege escalation
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
15 December 2008
DSA-1686 no-ip - buffer overflow
A buffer overflow has been discovered in the HTTP parser of the No-IP.com Dynamic DNS update client, which may result in the execution of arbitrary code.
14 December 2008
DSA-1685 uw-imap - buffer overflows, null pointer dereference
Two vulnerabilities have been found in uw-imap, an IMAP implementation. The Common Vulnerabilities and Exposures project identifies the following problems:
12 December 2008
DSA-1684 lcms - multiple vulnerabilities
Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems:
10 December 2008
DSA-1683 streamripper - buffer overflow
Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829).
8 December 2008