Section: .. / 0803-advisories /
| /// File Name: |
dsa-1526-1.txt |
Description:
|
Debian Security Advisory 1526-1 - Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities in xwine, a graphical user interface for the WINE emulator.
| | Homepage: | http://www.debian.org/security | | File Size: | 4688 | | Related CVE(s): | CVE-2008-0930, CVE-2008-0931 | | Last Modified: | Mar 20 17:14:07 2008 |
| MD5 Checksum: | f3591740a9a2c662daf958fc7ae20e66 |
|
| /// File Name: |
dsa-1527-1.txt |
Description:
|
Debian Security Advisory 1527-1 - Thomas de Grenier de Latour discovered that the checkrestart tool in the debian-goodies suite of utilities allowed local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
| | Homepage: | http://www.debian.org/security | | File Size: | 3764 | | Related CVE(s): | CVE-2007-3912 | | Last Modified: | Mar 24 18:35:48 2008 |
| MD5 Checksum: | 5ba6224fb62fbd40a921effcb4606c7e |
|
| /// File Name: |
dsa-1528-1.txt |
Description:
|
Debian Security Advisory 1528-1 - Peter Huwe and Hanno Boeck discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts, which allowed for cross site scripting.
| | Homepage: | http://www.debian.org/security | | File Size: | 3253 | | Related CVE(s): | CVE-2007-6205, CVE-2008-0124 | | Last Modified: | Mar 24 18:36:47 2008 |
| MD5 Checksum: | 959f44d15f7d2b0d973b0d31b8c7fcfa |
|
| /// File Name: |
dsa-1529-1.txt |
Description:
|
Debian Security Advisory 1529-1 - Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial of service. This Debian security advisory is a bit unusual. While it's normally their strict policy to backport security bugfixes to older releases, this turned out to be infeasible for Firebird 1.5 due to large infrastructural changes necessary to fix these issues.
| | Homepage: | http://www.debian.org/security | | File Size: | 3228 | | Related CVE(s): | CVE-2008-0387, CVE-2008-0467, CVE-2006-7211, CVE-2007-4664, CVE-2007-4665, CVE-2007-4666, CVE-2007-4667, CVE-2007-4668, CVE-2007-4669, CVE-2007-3527, CVE-2007-3181, CVE-2007-2606, CVE-2006-7212, CVE-2006-7213, CVE-2006-7214 | | Last Modified: | Mar 27 14:42:24 2008 |
| MD5 Checksum: | bda9e699a247ea6096d7dfe6c766f038 |
|
| /// File Name: |
dsa-1530-1.txt |
Description:
|
Debian Security Advisory 1530-1 - Several local/remote vulnerabilities have been discovered in cupsys, the Common Unix Printing System. A heap-based buffer overflow in CUPS, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. A double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer.
| | Homepage: | http://www.debian.org/security | | File Size: | 15172 | | Related CVE(s): | CVE-2008-0047, CVE-2008-0882 | | Last Modified: | Mar 25 20:21:40 2008 |
| MD5 Checksum: | 06e215d90f278f1145a9e7448095ea17 |
|
| /// File Name: |
dsa-1531-1.txt |
Description:
|
Debian Security Advisory 1531-1 - Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 3261 | | Last Modified: | Mar 27 14:43:16 2008 |
| MD5 Checksum: | 6556119dc52143adcdf2995ad20f00a1 |
|
| /// File Name: |
dsa-1531-2.txt |
Description:
|
Debian Security Advisory 1531-2 - The previous update for policyd-weight was unfortunately not complete. Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 3453 | | Last Modified: | Mar 31 16:55:43 2008 |
| MD5 Checksum: | f69ebe8422823d5faa23ca41ef6eb780 |
|
| /// File Name: |
dsa-1533-1.txt |
Description:
|
Debian Security Advisory 1533-1 - Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images.
| | Homepage: | http://www.debian.org/security | | File Size: | 5025 | | Related CVE(s): | CVE-2007-6354, CVE-2007-6355, CVE-2007-6356 | | Last Modified: | Mar 28 16:35:02 2008 |
| MD5 Checksum: | 9390a6d4b11d76463eadf3ca15dafe78 |
|
| /// File Name: |
DSECRG-08-017.txt |
Description:
|
Flyspray version 0.9.9.4 suffers from multiple cross site scripting vulnerabilities.
| | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 3629 | | Last Modified: | Mar 3 17:35:23 2008 |
| MD5 Checksum: | ffee5a14cb79520404c26239c52a6845 |
|
| /// File Name: |
f5console-xss.txt |
Description:
|
The F5 BIG-IP web management console is susceptible to a persistent cross site scripting vulnerability.
| | Author: | nnposter | | File Size: | 1289 | | Last Modified: | Mar 12 20:21:40 2008 |
| MD5 Checksum: | a88f29039406b76fe930de6bdcb83863 |
|
| /// File Name: |
f5log-xss.txt |
Description:
|
The F5 BIG-IP web management interface suffers from a persistent cross site scripting vulnerability in the audit log facility. Version 9.4.3 has been identified as vulnerable and other versions may also be affected.
| | Author: | nnposter | | File Size: | 1100 | | Last Modified: | Mar 24 17:26:45 2008 |
| MD5 Checksum: | 4cf953318d916fd1c300b49c7bc8f8a5 |
|
| /// File Name: |
glsa-200803-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-02 - Firebird does not properly handle certain types of XDR requests, resulting in an integer overflow (CVE-2008-0387). Furthermore, it is vulnerable to a buffer overflow when processing usernames (CVE-2008-0467). Versions less than 2.0.3.12981.0-r5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3042 | | Related CVE(s): | CVE-2008-0387, CVE-2008-0467 | | Last Modified: | Mar 3 16:12:42 2008 |
| MD5 Checksum: | e091b565563607edd66074a21f9593b1 |
|
| /// File Name: |
glsa-200803-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-03 - Viktor Griph reported that the AudacityApp::OnInit() method in file src/AudacityApp.cpp does not handle temporary files properly. Versions less than 1.3.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2802 | | Related CVE(s): | CVE-2007-6061 | | Last Modified: | Mar 3 16:13:01 2008 |
| MD5 Checksum: | c61f312d22baf4b9f385c4a603c340a2 |
|
| /// File Name: |
glsa-200803-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-04 - seiji reported that the filename for the uploaded file in bug_report.php is not properly sanitized before being stored. Versions less than 1.0.8-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3048 | | Related CVE(s): | CVE-2007-6611 | | Last Modified: | Mar 3 16:13:22 2008 |
| MD5 Checksum: | aaf87384be6c3e2fa49a02dba098df76 |
|
| /// File Name: |
glsa-200803-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-05 - Mike Ashton reported that SplitVT does not drop group privileges before executing the xprop utility. Versions less than 1.6.6-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2880 | | Related CVE(s): | CVE-2008-0162 | | Last Modified: | Mar 3 16:13:39 2008 |
| MD5 Checksum: | 7da0818089b962b60001c958af1d47a0 |
|
| /// File Name: |
glsa-200803-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-06 - Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the range parameter before processing it. Versions less than 1.5.8-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3063 | | Related CVE(s): | CVE-2008-0932 | | Last Modified: | Mar 3 16:13:56 2008 |
| MD5 Checksum: | 6af4daeebe05c22de986923daf879240 |
|
| /// File Name: |
glsa-200803-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-07 - Dwayne C. Litzenberger reported that the file common.py does not properly use RandomPool when using threads or forked processes. Versions less than 1.7.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2994 | | Related CVE(s): | CVE-2008-0299 | | Last Modified: | Mar 3 16:20:38 2008 |
| MD5 Checksum: | 4a5a6c224a680c4d83aed4a5b825bcde |
|
| /// File Name: |
glsa-200803-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-08 - Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files. Versions less than 20071007-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3981 | | Related CVE(s): | CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386, CVE-2006-4388, CVE-2006-4389, CVE-2007-4674, CVE-2007-6166 | | Last Modified: | Mar 4 17:49:07 2008 |
| MD5 Checksum: | ed1bd085d95103e6d32a610802391f72 |
|
| /// File Name: |
glsa-200803-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-09 - Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path (CVE-2008-1080). Max Leonov found out that image comments might be treated as scripts, and run within the wrong security context (CVE-2008-1081). Arnaud reported that a wrong representation of DOM attribute values of imported XML documents allows them to bypass sanitization filters (CVE-2008-1082). Versions less than 9.26 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3570 | | Related CVE(s): | CVE-2008-1080, CVE-2008-1081, CVE-2008-1082 | | Last Modified: | Mar 4 17:49:21 2008 |
| MD5 Checksum: | 8eea1251e36fea6ab90c7f5ffcb9c1ac |
|
| /// File Name: |
glsa-200803-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-10 - lighttpd contains a calculation error when allocating the global file descriptor array (CVE-2008-0983). Furthermore, it sends the source of a CGI script instead of returning a 500 error (Internal Server Error) when the fork() system call fails (CVE-2008-1111). Versions less than 1.4.18-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2951 | | Related CVE(s): | CVE-2008-0983, CVE-2008-1111 | | Last Modified: | Mar 12 14:40:50 2008 |
| MD5 Checksum: | e48bc764fb93582dba82a145e3b426a3 |
|