Debian security RSS feed
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.nl.rdf
DSA-2669 linux - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
15 May 2013
DSA-2668 linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
14 May 2013
DSA-2667 mysql-5.5 - several vulnerabilities
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.31, which includes additional changes, such as performance improvements and corrections for data loss defects.
12 May 2013
DSA-2666 xen - several vulnerabilities
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
12 May 2013
DSA-2664 stunnel4 - buffer overflow
Stunnel, a program designed to work as a universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager (NTLM) authentication (protocolAuthentication = NTLM) together with the connect protocol method (protocol = connect). With these prerequisites and using stunnel4 in SSL client mode (client = yes) on a 64 bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the TCP session between stunnel and the proxy server.
2 May 2013
DSA-2665 strongswan - authentication bypass
Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution.
30 April 2013
DSA-2663 tinc - stack based buffer overflow
Martin Schobert discovered a stack-based vulnerability in tinc, a Virtual Private Network (VPN) daemon.
22 April 2013
DSA-2660 curl - exposure of sensitive information
Yamada Yasuharu discovered that cURL, a URL transfer library, is vulnerable to exposing potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain ample.com could accidentally also be sent by libcurl when communicating with example.com.
20 April 2013
DSA-2662 xen - several vulnerabilities
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
18 April 2013
DSA-2661 xorg-server - information disclosure
David Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the X.Org X server, was vulnerable to an information disclosure flaw related to input handling and device hotplug.
17 April 2013




