| /// File Name: |
sa28608.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for pulseaudio. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/28608/ | | File Size: | 25608 | | Last Modified: | Jan 29 21:17:24 2008 |
| MD5 Checksum: | 84c6bbff29a739caf90926f699d3cef3 |
|
| /// File Name: |
dsa-1452-1.txt |
Description:
|
Debian Security Advisory 1452-1 - "k1tk4t" discovered that wzdftpd, a portable, modular, small and efficient ftp server, did not correctly handle the receipt of long usernames. This could allow remote users to cause the daemon to exit.
| | Homepage: | http://www.debian.org/security | | File Size: | 25526 | | Related CVE(s): | CVE-2007-5300 | | Last Modified: | Jan 6 19:45:17 2008 |
| MD5 Checksum: | d6c13cde33b0d40a18f5455d6c886036 |
|
| /// File Name: |
sa28315.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28315/ | | File Size: | 24754 | | Last Modified: | Jan 4 20:33:38 2008 |
| MD5 Checksum: | 72354746d14fcc478ab89e5cdf26d84d |
|
| /// File Name: |
sa28454.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28454/ | | File Size: | 24294 | | Last Modified: | Jan 14 21:34:40 2008 |
| MD5 Checksum: | 365630e1eefa6bc57af52328b279db69 |
|
| /// File Name: |
dsa-1461-1.txt |
Description:
|
Debian Security Advisory 1461-1 - Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop.
| | Homepage: | http://www.debian.org/security | | File Size: | 22986 | | Related CVE(s): | CVE-2007-6284 | | Last Modified: | Jan 14 17:11:10 2008 |
| MD5 Checksum: | 3f9f3034d66fc071725507a6f87731e3 |
|
| /// File Name: |
dsa-1458-1.txt |
Description:
|
Debian Security Advisory 1458-1 - A race condition in the OpenAFS fileserver allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
| | Homepage: | http://www.debian.org/security | | File Size: | 22781 | | Related CVE(s): | CVE-2007-6599 | | Last Modified: | Jan 10 18:05:14 2008 |
| MD5 Checksum: | d7721b5e98ac6d83fadecc5ea627fa4e |
|
| /// File Name: |
USN-563-1.txt |
Description:
|
Ubuntu Security Notice 563-1 - Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code. Elias Pipping discovered that temporary files were not handled safely in certain situations when converting PDF to PS. A local attacker could cause a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22397 | | Related CVE(s): | CVE-2007-5849, CVE-2007-6358 | | Last Modified: | Jan 9 01:52:17 2008 |
| MD5 Checksum: | f6bc648f15869a7805c6e9b515705d2f |
|
| /// File Name: |
USN-569-1.txt |
Description:
|
Ubuntu Security Notice 569-1 - Brad Fitzpatrick discovered that libxml2 did not correctly handle certain UTF-8 sequences. If a remote attacker were able to trick a user or automated system into processing a specially crafted XML document, the application linked against libxml2 could enter an infinite loop, leading to a denial of service via CPU resource consumption.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 21678 | | Related CVE(s): | CVE-2007-6284 | | Last Modified: | Jan 14 21:37:14 2008 |
| MD5 Checksum: | f6ecb4d4f27ca86de7c1956245f4fb06 |
|
| /// File Name: |
sa28386.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for cups. This fixes a vulnerability which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system, and a security issue which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/28386/ | | File Size: | 21644 | | Last Modified: | Jan 10 03:17:01 2008 |
| MD5 Checksum: | dff00bf3b383f1f1f8dfa8519444096b |
|
| /// File Name: |
sa28452.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28452/ | | File Size: | 21495 | | Last Modified: | Jan 14 22:03:38 2008 |
| MD5 Checksum: | 00bee8b0032acc6c21524ee29dc4653a |
|
| /// File Name: |
sa28433.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for openafs. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28433/ | | File Size: | 21465 | | Last Modified: | Jan 16 00:28:37 2008 |
| MD5 Checksum: | 39d38c95b3fe04b5c7610b5f3ab61fc2 |
|
| /// File Name: |
sa28475.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28475/ | | File Size: | 21048 | | Last Modified: | Jan 16 00:28:37 2008 |
| MD5 Checksum: | 71b53e18d55f0ddd45a89fce163bfc01 |
|
| /// File Name: |
MDVSA-2008-016.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled. Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 20603 | | Related CVE(s): | CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 | | Last Modified: | Jan 17 00:59:17 2008 |
| MD5 Checksum: | 72b735ddefb8eeff66a3a956e6a7dfa2 |
|
| /// File Name: |
cisco-sa-20080123-avs.txt |
Description:
|
Cisco Security Advisory - Versions of the Cisco Application Velocity System (AVS) prior to software version AVS 5.1.0 do not prompt users to modify system account passwords during the initial configuration process. Because there is no requirement to change these credentials during the initial configuration process, an attacker may be able to leverage the accounts that have default credentials, some of which have root privileges, to take full administrative control of the AVS system.
| | Homepage: | http://www.cisco.com/ | | File Size: | 20371 | | Related CVE(s): | CVE-2008-0029 | | Last Modified: | Jan 23 23:25:41 2008 |
| MD5 Checksum: | c63427ba381292b84f12fd1fbb98d7bd |
|
| /// File Name: |
dsa-1450-1.txt |
Description:
|
Debian Security Advisory 1450-1 - It was discovered that util-linux, Miscellaneous system utilities, did not drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.
| | Homepage: | http://www.debian.org/security | | File Size: | 19668 | | Related CVE(s): | CVE-2007-5191 | | Last Modified: | Jan 5 19:29:38 2008 |
| MD5 Checksum: | 3238a602809e0f2262812808b4387eb2 |
|
| /// File Name: |
dsa-1471-1.txt |
Description:
|
Debian Security Advisory 1471-1 - Several vulnerabilities were found in the Vorbis General Audio Compression Codec, which may lead to denial of service or the execution of arbitrary code, if a user is tricked into opening a malformed Ogg Audio file with an application linked against libvorbis.
| | Homepage: | http://www.debian.org/security | | File Size: | 19281 | | Related CVE(s): | CVE-2007-3106, CVE-2007-4029, CVE-2007-4066 | | Last Modified: | Jan 21 21:49:40 2008 |
| MD5 Checksum: | 18ce3d5a0178d5487d15fbac16479678 |
|
| /// File Name: |
sa28348.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for util-linux. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/28348/ | | File Size: | 18692 | | Last Modified: | Jan 7 19:43:40 2008 |
| MD5 Checksum: | 4f6cfed3239eece1eb2804c0e3c0216f |
|
| /// File Name: |
sa28614.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libvorbis. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28614/ | | File Size: | 18132 | | Last Modified: | Jan 23 22:55:21 2008 |
| MD5 Checksum: | dcb9be7d45501f7d94e3e1ec3cb57a50 |
|
| /// File Name: |
USN-566-1.txt |
Description:
|
Ubuntu Security Notice 566-1 - Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17844 | | Related CVE(s): | CVE-2007-4752 | | Last Modified: | Jan 10 04:03:19 2008 |
| MD5 Checksum: | c6ed217cdd53a78d53de2f219184508b |
|
| /// File Name: |
USN-564-1.txt |
Description:
|
Ubuntu Security Notice 564-1 - Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17609 | | Related CVE(s): | CVE-2007-5846 | | Last Modified: | Jan 9 13:14:06 2008 |
| MD5 Checksum: | fbe598aceb94d35be2cb8a92e0fa08fd |
|
| /// File Name: |
sa28413.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for Net-SNMP. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28413/ | | File Size: | 17313 | | Last Modified: | Jan 11 12:37:52 2008 |
| MD5 Checksum: | 5276aebe0acb0b98469a9d8498e84137 |
|
| /// File Name: |
USN-573-1.txt |
Description:
|
Ubuntu Security Notice 573-1 - It was discovered that PulseAudio did not properly drop privileges when running as a daemon. Local users may be able to exploit this and gain privileges. The default Ubuntu configuration is not affected.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16382 | | Related CVE(s): | CVE-2008-0008 | | Last Modified: | Jan 31 23:58:07 2008 |
| MD5 Checksum: | 50be48546e847365f1810a3037a5cffc |
|
| /// File Name: |
dsa-1466-2.txt |
Description:
|
Debian Security Advisory 1466-2 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update fixes this problem and also references the patch for CVE-2008-0006, which was included in the previous update, but not mentioned in the advisory text.
| | Homepage: | http://www.debian.org/security | | File Size: | 15854 | | Related CVE(s): | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429 | | Last Modified: | Jan 21 20:21:58 2008 |
| MD5 Checksum: | baed4a1f21681eb7baf5690c042e6914 |
|