| /// File Name: |
dsa-1489-1.txt |
Description:
|
Debian Security Advisory 1489-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. These include arbitrary code execution, privilege escalation, and directory traversal flaws.
| | Homepage: | http://www.debian.org/security | | File Size: | 11716 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Feb 11 14:01:28 2008 |
| MD5 Checksum: | ac2c18d94b7eb798fe55715ab2115b91 |
|
| /// File Name: |
dsa-1490-1.txt |
Description:
|
Debian Security Advisory 1490-1 - It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11531 | | Related CVE(s): | CVE-2008-0553 | | Last Modified: | Feb 11 14:02:02 2008 |
| MD5 Checksum: | 9b0705cb253b538c6ef0798c46fbd865 |
|
| /// File Name: |
dsa-1491-1.txt |
Description:
|
Debian Security Advisory 1491-1 - It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11702 | | Related CVE(s): | CVE-2008-0553 | | Last Modified: | Feb 11 14:02:36 2008 |
| MD5 Checksum: | 34e4be2d30d46fc098c03110bac57e94 |
|
| /// File Name: |
dsa-1492-1.txt |
Description:
|
Debian Security Advisory 1492-1 - Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML generation toolkit, creates insecure temporary files in the eperl and ipp backends and in the wmg.cgi script, which could lead to local denial of service by overwriting files.
| | Homepage: | http://www.debian.org/security | | File Size: | 4765 | | Related CVE(s): | CVE-2008-0665, CVE-2008-0666 | | Last Modified: | Feb 11 14:03:30 2008 |
| MD5 Checksum: | bc2ce85d338ccaddd0884aa09b0fe214 |
|
| /// File Name: |
dsa-1493-1.txt |
Description:
|
Debian Security Advisory 1493-1 - Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. Gynvael Coldwind discovered a buffer overflow in GIF image parsing, which could result in denial of service and potentially the execution of arbitrary code. It was discovered that a buffer overflow in IFF ILBM image parsing could result in denial of service and potentially the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 12740 | | Related CVE(s): | CVE-2007-6697, CVE-2008-0554 | | Last Modified: | Feb 11 14:04:19 2008 |
| MD5 Checksum: | 72bbc9959cf2a3e4342467b27b1fbd0d |
|
| /// File Name: |
dsa-1494-1.txt |
Description:
|
Debian Security Advisory 1494-1 - The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges. In the vserver-enabled kernels, a missing access check on certain symlinks in /proc enabled local attackers to access resources in other vservers.
| | Homepage: | http://www.debian.org/security | | File Size: | 19108 | | Related CVE(s): | CVE-2008-0010, CVE-2008-0600, CVE-2008-0163 | | Last Modified: | Feb 11 14:05:40 2008 |
| MD5 Checksum: | b42537a9d76554c92306fe4961b6dc02 |
|
| /// File Name: |
dsa-1494-2.txt |
Description:
|
Debian Security Advisory 1494-2 - The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges. In the vserver-enabled kernels, a missing access check on certain symlinks in /proc enabled local attackers to access resources in other vservers.
| | Homepage: | http://www.debian.org/security | | File Size: | 36918 | | Related CVE(s): | CVE-2008-0010, CVE-2008-0163, CVE-2008-0600 | | Last Modified: | Feb 13 17:23:21 2008 |
| MD5 Checksum: | fcaa16c388cd1512b0f196fbca14702d |
|
| /// File Name: |
dsa-1495-1.txt |
Description:
|
Debian Security Advisory 1495-1 - Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. A buffer overflow has been discovered in the parser for HTTP Location headers (present in the check_http module). A buffer overflow has been discovered in the check_snmp module.
| | Homepage: | http://www.debian.org/security | | File Size: | 12376 | | Related CVE(s): | CVE-2007-5198, CVE-2007-5623 | | Last Modified: | Feb 12 17:58:11 2008 |
| MD5 Checksum: | ac4b568b8c197f5036af26de7340f891 |
|
| /// File Name: |
dsa-1495-2.txt |
Description:
|
Debian Security Advisory 1495-2 - A problem with the build system of the nagios-plugins package from old stable (Sarge) led to check_procs not being included for the i386 architecture. This update fixes this regression. Several local/remote vulnerabilities had been discovered in two of the plugins for the Nagios network monitoring and management system.
| | Homepage: | http://www.debian.org/security | | File Size: | 5895 | | Related CVE(s): | CVE-2007-5198, CVE-2007-5623 | | Last Modified: | Feb 17 21:34:38 2008 |
| MD5 Checksum: | ff305e0c4eda51ab3ed85e75da24ac04 |
|
| /// File Name: |
dsa-1496-1.txt |
Description:
|
Debian Security Advisory 1496-1 - Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files. Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing. Adam Bozanich discovered a buffer overflow in the CDDB access code. Adam Bozanich discovered a buffer overflow in URL parsing.
| | Homepage: | http://www.debian.org/security | | File Size: | 5436 | | Related CVE(s): | CVE-2008-0485, CVE-2008-0486, CVE-2008-0629, CVE-2008-0630 | | Last Modified: | Feb 12 17:59:18 2008 |
| MD5 Checksum: | 67a3e9665a60f89ce2ac2be6e2163aa8 |
|
| /// File Name: |
dsa-1497-1.txt |
Description:
|
Debian Security Advisory 1497-1 - Several vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to the execution of arbitrary code or local denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 15426 | | Related CVE(s): | CVE-2007-6596, CVE-2008-0318 | | Last Modified: | Feb 17 21:32:37 2008 |
| MD5 Checksum: | 419ea804dac0c882350b048a29e86cf6 |
|
| /// File Name: |
dsa-1498-1.txt |
Description:
|
Debian Security Advisory 1498-1 - It was discovered that libimager-perl, a Perl extension for generating 24-bit images, did not correctly handle 8-bit per-pixel compressed images, which could allow the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4647 | | Related CVE(s): | CVE-2007-2459 | | Last Modified: | Feb 20 00:49:44 2008 |
| MD5 Checksum: | 00273116bd8a6796f878a1105f49023e |
|
| /// File Name: |
dsa-1499-1.txt |
Description:
|
Debian Security Advisory 1499-1 - It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library.
| | Homepage: | http://www.debian.org/security | | File Size: | 16477 | | Related CVE(s): | CVE-2008-0674 | | Last Modified: | Feb 20 00:50:34 2008 |
| MD5 Checksum: | 95dfbe17ccdafbc52101bb3a4f2b8e9f |
|
| /// File Name: |
dsa-1500-1.txt |
Description:
|
Debian Security Advisory 1500-1 - Mike Ashton discovered that splitvt, a utility to run two programs in a split screen, did not drop group privileges prior to executing 'xprop'. This could allow any local user to gain the privileges of group utmp.
| | Homepage: | http://www.debian.org/security | | File Size: | 3985 | | Related CVE(s): | CVE-2008-0162 | | Last Modified: | Feb 22 02:50:23 2008 |
| MD5 Checksum: | 178f09ed0e085524174a14f285d527c8 |
|
| /// File Name: |
dsa-1501-1.txt |
Description:
|
Debian Security Advisory 1501-1 - Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line when using the MySQL backend. This allowed a local attacker to read the contents of the dspam database, such as emails.
| | Homepage: | http://www.debian.org/security | | File Size: | 14918 | | Related CVE(s): | CVE-2007-6418 | | Last Modified: | Feb 22 02:51:03 2008 |
| MD5 Checksum: | 24894da35ec0609f00e10eb5e356a420 |
|
| /// File Name: |
dsa-1503.txt |
Description:
|
Debian Security Advisory 1503 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 55145 | | Related CVE(s): | CVE-2004-2731, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6106, CVE-2007-1353, CVE-2007-1592, CVE-2007-2172, CVE-2007-2525, CVE-2007-3848, CVE-2007-4308, CVE-2007-4311, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6694, CVE-2008-0007 | | Last Modified: | Feb 22 20:41:53 2008 |
| MD5 Checksum: | 3408c11383bf6b8fa21ef8da39900292 |
|
| /// File Name: |
dsa-1504.txt |
Description:
|
Debian Security Advisory 1504 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 32423 | | Related CVE(s): | CVE-2006-5823, CVE-2006-6054, CVE-2006-6058, CVE-2006-7203, CVE-2007-1353, CVE-2007-2172, CVE-2007-2525, CVE-2007-3105, CVE-2007-3739, CVE-2007-3740, CVE-2007-3848, CVE-2007-4133, CVE-2007-4308, CVE-2007-4573, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6694, CVE-2008-0007 | | Last Modified: | Feb 22 20:43:58 2008 |
| MD5 Checksum: | 6a98ca94c7306d808a8fbc6c05d02834 |
|
| /// File Name: |
dsa-1505.txt |
Description:
|
Debian Security Advisory 1505 - Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel.
| | Homepage: | http://www.debian.org/security | | File Size: | 8237 | | Related CVE(s): | CVE-2007-4571 | | Last Modified: | Feb 22 20:44:31 2008 |
| MD5 Checksum: | eb87723bff78c5cb1231ac73609c47e5 |
|
| /// File Name: |
dsa-1506-1.txt |
Description:
|
Debian Security Advisory 1506-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.
| | Homepage: | http://www.debian.org/security | | File Size: | 19052 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Feb 25 11:13:52 2008 |
| MD5 Checksum: | 76d9e510ec6e6ed82b90c17c5eb189fb |
|
| /// File Name: |
dsa-1507-1.txt |
Description:
|
Debian Security Advisory 1507-1 - Peter Paul Elfferich discovered that turba2, a contact management component for the Horde framework, did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records.
| | Homepage: | http://www.debian.org/security | | File Size: | 3888 | | Related CVE(s): | CVE-2008-0807 | | Last Modified: | Feb 25 11:14:27 2008 |
| MD5 Checksum: | bc1d1a94e06e85238bcdab46df7d4bbe |
|
| /// File Name: |
dsa-1508-1.txt |
Description:
|
Debian Security Advisory 1508-1 - Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user.
| | Homepage: | http://www.debian.org/security | | File Size: | 15005 | | Related CVE(s): | CVE-2008-0932 | | Last Modified: | Feb 25 16:11:08 2008 |
| MD5 Checksum: | a691db077309b48439b497dcbe48b208 |
|
| /// File Name: |
dsa-1509-1.txt |
Description:
|
Debian Security Advisory 1509-1 - Several vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document.
| | Homepage: | http://www.debian.org/security | | File Size: | 24810 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Feb 26 18:11:06 2008 |
| MD5 Checksum: | 24398930a6503c729ca0bb857c09e9c3 |
|
| /// File Name: |
dsa-1510-1.txt |
Description:
|
Debian Security Advisory 1510-1 - Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file.
| | Homepage: | http://www.debian.org/security | | File Size: | 12758 | | Related CVE(s): | CVE-2008-0411 | | Last Modified: | Feb 27 13:48:09 2008 |
| MD5 Checksum: | 494c001d4244d76d9882a2ef7cc2fcc3 |
|