Section: .. / 0712-advisories /
| /// File Name: |
dsa-1418-1.txt |
Description:
|
Debian Security Advisory 1418-1 - It was discovered that Cacti, a tool to monitor systems and networks, performs insufficient input sanitizing, which allows SQL injection.
| | Homepage: | http://www.debian.org/security | | File Size: | 3946 | | Related CVE(s): | CVE-2007-6035 | | Last Modified: | Dec 2 16:17:43 2007 |
| MD5 Checksum: | 306698b71e1f1c2e8eb89a954e7b4ac6 |
|
| /// File Name: |
dsa-1419-1.txt |
Description:
|
Debian Security Advisory 1419-1 - A vulnerability has been discovered in HSQLDB, the default database engine shipped with OpenOffice.org. This could result in the execution of arbitrary Java code embedded in an OpenOffice.org database document with the user's privilege. This update requires an update of both openoffice.org and hsqldb.
| | Homepage: | http://www.debian.org/security | | File Size: | 40929 | | Related CVE(s): | CVE-2007-4575 | | Last Modified: | Dec 6 00:36:20 2007 |
| MD5 Checksum: | 92c68412dd99e3d0a337050d62388dd3 |
|
| /// File Name: |
dsa-1420-1.txt |
Description:
|
Debian Security Advisory 1420-1 - Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 7625 | | Related CVE(s): | CVE-2007-6210 | | Last Modified: | Dec 6 01:05:07 2007 |
| MD5 Checksum: | 1021459e5bdabe31e5d3c3e215fcff28 |
|
| /// File Name: |
dsa-1421-1.txt |
Description:
|
Debian Security Advisory 1421-1 - A vulnerability has been discovered in Battle for Wesnoth that allows remote attackers to read arbitrary files the user running the client has access to on the machine running the game client.
| | Homepage: | http://www.debian.org/security | | File Size: | 17222 | | Related CVE(s): | CVE-2007-5742 | | Last Modified: | Dec 7 13:07:12 2007 |
| MD5 Checksum: | ae9ba3df00e201222644fe99a887e011 |
|
| /// File Name: |
dsa-1422-1.txt |
Description:
|
Debian Security Advisory 1422-1 - Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 33390 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Dec 7 20:12:51 2007 |
| MD5 Checksum: | eee9c81949ab778d13554c837f5bc66c |
|
| /// File Name: |
dsa-1427-1.txt |
Description:
|
Debian Security Advisory 1427-1 - Alin Rad Pop discovered that Samba, a LanManager-like file and printer server for Unix, is vulnerable to a buffer overflow in the nmbd code which handles GETDC mailslot requests, which might lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 42514 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 10 20:12:53 2007 |
| MD5 Checksum: | 99638cc68760f1e9169021824c12ff91 |
|
| /// File Name: |
dsa-1428-1.txt |
Description:
|
Debian Security Advisory 1428-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 37085 | | Related CVE(s): | CVE-2007-3104, CVE-2007-4997, CVE-2007-5500 | | Last Modified: | Dec 11 23:25:34 2007 |
| MD5 Checksum: | fb4b7a3957aab9d74e171dcfe9669d11 |
|
| /// File Name: |
dsa-1429-1.txt |
Description:
|
Debian Security Advisory 1429-1 - Michael Skibbe discovered that htdig, a WWW search system for an intranet or small internet, did not adequately quote values submitted to the search script, allowing remote attackers to inject arbitrary script or HTML into specially crafted links.
| | Homepage: | http://www.debian.org/security | | File Size: | 5030 | | Related CVE(s): | CVE-2007-6110 | | Last Modified: | Dec 11 23:26:15 2007 |
| MD5 Checksum: | f4050876b964b773d3a157af25d6c82f |
|
| /// File Name: |
dsa-1430-1.txt |
Description:
|
Debian Security Advisory 1430-1 - It was reported that a race condition exists in libnss-ldap, an NSS module for using LDAP as a naming service, which could cause denial of service attacks when applications use pthreads.
| | Homepage: | http://www.debian.org/security | | File Size: | 7993 | | Related CVE(s): | CVE-2007-5794 | | Last Modified: | Dec 11 23:26:53 2007 |
| MD5 Checksum: | bf0f4fcb1717a4e3fc9857992734d35a |
|
| /// File Name: |
dsa-1431-1.txt |
Description:
|
Debian Security Advisory 1431-1 - It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby language, didn't properly sanitize input prior to constructing dialogs. This could allow for the execution of arbitrary code if untrusted input is displayed within a dialog.
| | Homepage: | http://www.debian.org/security | | File Size: | 82292 | | Related CVE(s): | CVE-2007-6183 | | Last Modified: | Dec 11 23:27:48 2007 |
| MD5 Checksum: | 6c1ffb00f33c9c4f31805eeaa783ac7e |
|
| /// File Name: |
dsa-1432-1.txt |
Description:
|
Debian Security Advisory 1432-1 - Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's link grammar parser for English, performed insufficient validation within its tokenizer, which could allow a malicious input file to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 8879 | | Related CVE(s): | CVE-2007-5395 | | Last Modified: | Dec 17 20:26:26 2007 |
| MD5 Checksum: | 764bcc1dc4dd9095916d5a12c1972e44 |
|
| /// File Name: |
dsa-1433-1.txt |
Description:
|
Debian Security Advisory 1433-1 - Several remote vulnerabilities have been discovered in centericq, a text-mode multi-protocol instant messenger client, which could allow remote attackers to execute arbitrary code due to insufficient bounds-testing.
| | Homepage: | http://www.debian.org/security | | File Size: | 18402 | | Related CVE(s): | CVE-2007-3713 | | Last Modified: | Dec 17 20:27:38 2007 |
| MD5 Checksum: | 3fd1f42b2e14e56c457f07ea326a9d91 |
|
| /// File Name: |
dsa-1434-1.txt |
Description:
|
Debian Security Advisory 1434-1 - It was discovered that in MyDNS, a domain name server with database backend, the daemon could be crashed through malicious remote update requests, which may lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 6375 | | Related CVE(s): | CVE-2007-2362 | | Last Modified: | Dec 17 20:28:06 2007 |
| MD5 Checksum: | 35e4d66d0ee02432694954c25e256514 |
|
| /// File Name: |
dsa-1435-1.txt |
Description:
|
Debian Security Advisory 1435-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that an integer overflow in the decompression code for MEW archives may lead to the execution of arbitrary code. It was discovered that an off-by-one in the MS-ZIP decompression code may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 16266 | | Related CVE(s): | CVE-2007-6335, CVE-2007-6336 | | Last Modified: | Dec 19 20:33:08 2007 |
| MD5 Checksum: | 87d390e3fa408689e35f1c82920fc3f0 |
|
| /// File Name: |
dsa-1437-1.txt |
Description:
|
Debian Security Advisory 1437-1 - Several local vulnerabilities have been discovered in the Common UNIX Printing System. Wei Wang discovered that a buffer overflow in the SNMP backend may lead to the execution of arbitrary code. Elias Pipping discovered that insecure handling of a temporary file in the pdftops.pl script may lead to local denial of service. This vulnerability is not exploitable in the default configuration.
| | Homepage: | http://www.debian.org/security | | File Size: | 17681 | | Related CVE(s): | CVE-2007-6358, CVE-2007-5849 | | Last Modified: | Dec 28 17:34:14 2007 |
| MD5 Checksum: | 10c8f6d83fcfd04a972e6328349eb517 |
|
| /// File Name: |
dsa-1438-1.txt |
Description:
|
Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.
| | Homepage: | http://www.debian.org/security | | File Size: | 7757 | | Related CVE(s): | CVE-2007-4131, CVE-2007-4476 | | Last Modified: | Dec 28 20:18:33 2007 |
| MD5 Checksum: | 9876b5a2363d163e5bd48c7c91cf6a80 |
|
| /// File Name: |
dsa-1439-1.txt |
Description:
|
Debian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.
| | Homepage: | http://www.debian.org/security | | File Size: | 3213 | | Related CVE(s): | CVE-2007-6381 | | Last Modified: | Dec 28 20:19:15 2007 |
| MD5 Checksum: | e6a6d67fe7190ab1580b7f1d8cb23e1d |
|
| /// File Name: |
dsa-1440-1.txt |
Description:
|
Debian Security Advisory 1440-1 - It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.
| | Homepage: | http://www.debian.org/security | | File Size: | 5004 | | Related CVE(s): | CVE-2007-5037 | | Last Modified: | Dec 28 20:19:51 2007 |
| MD5 Checksum: | 6d8f37da4c823567251a11b86460b9b6 |
|
| /// File Name: |
dsa-1441-1.txt |
Description:
|
Debian Security Advisory 1441-1 - Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
| | Homepage: | http://www.debian.org/security | | File Size: | 11270 | | Related CVE(s): | CVE-2007-6454 | | Last Modified: | Dec 28 20:20:32 2007 |
| MD5 Checksum: | 1cc219462c7386396c86f93e433fbada |
|