Section: 0804-advisories
File Name: dsa-1544-1.txt
Description: Debian Security Advisory 1544-1 - Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a weak random number generator to create DNS transaction IDs and UDP source port numbers. As a result, cache poisoning attacks were simplified.
Homepage: http://www.debian.org/security | File Size: 4181 | Related CVE(s): CVE-2008-1637 | Last Modified: Apr 10 16:37:42 2008
MD5 Checksum: 5f318a0c586da19bca411140ef2d5fe4
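The advisory above states the problem in one sentence. The following added Python example (written for this page; it is not code from pdns-recursor or from the Debian advisory) shows why both values matter. It computes an attacker's odds against uniformly random transaction IDs with and without source-port randomisation, and contrasts that with a constructed 16-bit linear congruential generator, used here purely as a stand-in for a weak generator, whose next ID is fully determined by the previous one. The generator constants and the sample sizes are choices for the example, not anything taken from the affected software.

```python
import math
import secrets
from collections import Counter


def p_spoof_per_query(forged_responses, txid_bits=16, port_bits=0):
    """Chance that one of `forged_responses` distinct forged answers, sent
    while a single query is outstanding, matches the resolver's transaction
    ID (plus its source port when that is random too).  Against a uniform
    generator the attacker cannot do better than guessing."""
    space = 2 ** (txid_bits + port_bits)
    return min(1.0, forged_responses / space)


def races_until_success(p_per_race, target=0.5):
    """How many query/response races the attacker must provoke to reach
    `target` overall success probability."""
    if p_per_race >= 1.0:
        return 1
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - p_per_race))


def sample_entropy_bits(samples):
    """Plug-in Shannon entropy of observed IDs or ports.  It can never exceed
    log2(len(samples)), so a value far below that cap on a large sample is a
    red flag; a value at the cap proves nothing, as the LCG below shows."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())


class WeakTxidGenerator:
    """Constructed stand-in for a weak generator: a full-period 16-bit LCG.
    Each output is the previous output advanced one step, so an attacker who
    sees one ID (e.g. by making the resolver query a name server they
    control) knows the next.  Illustrative only; this is not the generator
    pdns-recursor used."""

    MULT, INC, MASK = 25173, 13849, 0xFFFF

    def __init__(self, seed):
        self.state = seed & self.MASK

    def next_id(self):
        self.state = (self.state * self.MULT + self.INC) & self.MASK
        return self.state


def predict_next_from(observed_id):
    """What an attacker does with one observed ID from WeakTxidGenerator."""
    return WeakTxidGenerator(observed_id).next_id()


def strong_txid():
    """A resolver should draw IDs and ports from a CSPRNG."""
    return secrets.randbelow(1 << 16)


def compare(n_forged=256, n_samples=4096):
    """Summarise the three situations the advisory is about."""
    weak = WeakTxidGenerator(seed=0x1234)
    weak_ids = [weak.next_id() for _ in range(n_samples)]
    strong_ids = [strong_txid() for _ in range(n_samples)]
    p_id_only = p_spoof_per_query(n_forged, 16, 0)
    p_id_port = p_spoof_per_query(n_forged, 16, 16)
    return {
        "races_txid_only": races_until_success(p_id_only),
        "races_txid_and_port": races_until_success(p_id_port),
        # One observed ID suffices: a single forged packet wins the race.
        "races_weak_generator": 1,
        "weak_sample_entropy": sample_entropy_bits(weak_ids),
        "strong_sample_entropy": sample_entropy_bits(strong_ids),
        "entropy_cap": math.log2(n_samples),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:>24}: {value}")
```

The sample-entropy figure for the LCG sits exactly at the cap, because a full-period generator never repeats within 2^16 outputs; a statistical test on a capture therefore cannot clear a generator, it can only condemn one. Predictability has to be judged from the algorithm, which is why the fix is a CSPRNG for both the ID and the port rather than a tweak to the old generator.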
|
File Name: dsa-1545-1.txt
Description: Debian Security Advisory 1545-1 - Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution.
Homepage: http://www.debian.org/security | File Size: 4483 | Related CVE(s): CVE-2008-1720 | Last Modified: Apr 10 17:19:22 2008
MD5 Checksum: 60c2d47e8f39b7e8a4cb8ba00b9f1eb6
|
File Name: dsa-1546-1.txt
Description: Debian Security Advisory 1546-1 - Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
Homepage: http://www.debian.org/security | File Size: 7163 | Related CVE(s): CVE-2008-0668 | Last Modified: Apr 11 14:43:54 2008
MD5 Checksum: 62211853fd243d4e4c877338d31b6896
|
File Name: dsa-1547-1.txt
Description: Debian Security Advisory 1547-1 - Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files, which may lead to a heap overflow and potentially to the execution of arbitrary code. Specially crafted EMF files can trigger a heap buffer overflow that may lead to the execution of arbitrary code. A bug has been discovered in the processing of OLE files that can cause a heap buffer overflow, potentially leading to the execution of arbitrary code.
Homepage: http://www.debian.org/security | File Size: 52522 | Related CVE(s): CVE-2008-0320, CVE-2007-5746, CVE-2007-5745, CVE-2007-5747 | Last Modified: Apr 17 12:59:27 2008
MD5 Checksum: 3e602f9510435bd086117c6f3188a51f
|
File Name: dsa-1548-1.txt
Description: Debian Security Advisory 1548-1 - Kees Cook discovered a vulnerability in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files.
Homepage: http://www.debian.org/security | File Size: 6400 | Related CVE(s): CVE-2008-1693 | Last Modified: Apr 17 18:17:03 2008
MD5 Checksum: 29c28e6cbf2659b22b137b48473c334b
|
File Name: dsa-1550-1.txt
Description: Debian Security Advisory 1550-1 - It was discovered that suphp, an Apache module to run PHP scripts with owner permissions, handles symlinks insecurely, which may lead to privilege escalation by local users.
Homepage: http://www.debian.org/security | File Size: 7859 | Related CVE(s): CVE-2008-1614 | Last Modified: Apr 17 18:18:54 2008
MD5 Checksum: bef82248dd7413e9a01bf8798566936a
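The bug class behind the suphp entry is a privileged helper that validates a script by its path name and then opens that path, so a local user who can place a symlink in a directory the helper reads gets the helper to act on a file it was never meant to touch. The Python below is an added example, not suphp's code and not a description of its exact flaw: it puts a check that follows symlinks next to one that opens with O_NOFOLLOW and validates the descriptor it actually obtained. The ownership and mode policy (owner must match, no group or world write bit) is an assumption chosen for the example, not suphp's configuration, and the scenario is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def naive_check_and_open(path, expected_uid):
    """The flawed pattern: os.stat() follows symlinks, so the check is made
    on whatever the link currently points at, and os.open() follows it again
    a moment later.  Both steps trust the path name."""
    st = os.stat(path)
    if st.st_uid != expected_uid:
        raise PermissionError("owner mismatch")
    return os.open(path, os.O_RDONLY)


def open_script_safely(path, expected_uid):
    """Open without following a symlink at the final path component, then
    validate the inode that was actually opened rather than the path name,
    so there is no window between check and use for a local user to swap a
    link in.  Returns an open file descriptor; the caller owns it."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | getattr(os, "O_CLOEXEC", 0)
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        # ELOOP here means the final component was a symlink.
        raise PermissionError(f"refusing {path}: {exc.strerror}") from None
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError("owner mismatch")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("group- or world-writable script")
        return fd
    except Exception:
        os.close(fd)
        raise


def _refused(func, *args):
    """True if `func` rejected the file, False if it handed back a descriptor."""
    try:
        fd = func(*args)
    except PermissionError:
        return True
    os.close(fd)
    return False


def demo():
    """Constructed scenario: a real script plus a symlink to it, both owned
    by the current user, in a fresh temporary directory."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        real = os.path.join(d, "index.php")
        with open(real, "w") as f:
            f.write("<?php echo 'hi'; ?>\n")
        os.chmod(real, 0o644)
        link = os.path.join(d, "link.php")
        os.symlink(real, link)
        return {
            "real_file_accepted": not _refused(open_script_safely, real, uid),
            "symlink_refused": _refused(open_script_safely, link, uid),
            "wrong_owner_refused": _refused(open_script_safely, real, uid + 1),
            "naive_follows_symlink": not _refused(naive_check_and_open, link, uid),
        }


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only covers the last path component. A helper that changes identity based on file ownership also has to trust every parent directory (root-owned, not writable by others) or walk the path with openat() and O_NOFOLLOW at each step; otherwise a symlinked directory higher up gives the same result.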
|
File Name: dsa-1552-1.txt
Description: Debian Security Advisory 1552-1 - It was discovered that the MPlayer movie player performs insufficient input sanitising on SDP session data, leading to potential execution of arbitrary code through a malformed multimedia stream.
Homepage: http://www.debian.org/security | File Size: 4819 | Related CVE(s): CVE-2008-1558 | Last Modified: Apr 21 16:29:21 2008
MD5 Checksum: 61e35e32377c68a3a4e5e395f60218c1
|
File Name: dsa-1553-1.txt
Description: Debian Security Advisory 1553-1 - It has been discovered that ikiwiki, a Wiki implementation, does not guard password and content changes against cross-site request forgery (CSRF) attacks.
Homepage: http://www.debian.org/security | File Size: 2907 | Related CVE(s): CVE-2008-0165 | Last Modified: Apr 21 16:29:58 2008
MD5 Checksum: 40145921dada82148fce1f0b2786e383
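The ikiwiki entry names the missing control but not its shape. The following added Python example (written for this page; it is not ikiwiki's code and does not describe how ikiwiki fixed the issue) shows a password-change handler that trusts the session cookie alone beside the same handler guarded by a token bound to the session and to the action. The request and session structures, the server secret and the action names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real deployment loads it from config.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id, action):
    """Token bound to this session and this action (e.g. "passwd", "edit").
    The nonce makes every form unique; the HMAC stops anyone without the
    server secret from minting a token for another session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}|{action}|{nonce}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, action, token):
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}|{action}|{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def change_password_unprotected(request, sessions):
    """The vulnerable shape: anything arriving with a valid session cookie is
    trusted.  A form on an attacker's site, auto-submitted by the victim's
    browser, carries that cookie too."""
    user = sessions.get(request["cookies"].get("session"))
    if request["method"] != "POST" or user is None:
        return False
    user["password"] = request["form"]["new_password"]
    return True


def change_password_protected(request, sessions):
    """Same handler with the token check.  The cross-site form cannot read
    the token out of the real page, so it cannot supply a valid one."""
    sid = request["cookies"].get("session")
    user = sessions.get(sid)
    if request["method"] != "POST" or user is None:
        return False
    if not verify_csrf_token(sid, "passwd", request["form"].get("csrf_token")):
        return False
    user["password"] = request["form"]["new_password"]
    return True


def scenario():
    """Constructed requests: the victim's own form, a cross-site one, and
    two token-replay attempts."""
    sessions = {"s-victim": {"name": "victim", "password": "original"},
                "s-attacker": {"name": "attacker", "password": "x"}}
    cookie = {"session": "s-victim"}  # the browser attaches it either way
    forged = {"method": "POST", "cookies": cookie,
              "form": {"new_password": "pwned"}}
    legit = {"method": "POST", "cookies": cookie,
             "form": {"new_password": "newpass",
                      "csrf_token": issue_csrf_token("s-victim", "passwd")}}
    # Attacker logs in, takes their own token and replays it against the victim.
    replayed = {"method": "POST", "cookies": cookie,
                "form": {"new_password": "pwned2",
                         "csrf_token": issue_csrf_token("s-attacker", "passwd")}}
    # A token legitimately issued to the victim, but for a different action.
    wrong_action = {"method": "POST", "cookies": cookie,
                    "form": {"new_password": "pwned3",
                             "csrf_token": issue_csrf_token("s-victim", "edit")}}
    results = {
        "unprotected_accepts_forged": change_password_unprotected(forged, sessions),
        "protected_rejects_forged": not change_password_protected(forged, sessions),
        "protected_rejects_other_session_token": not change_password_protected(replayed, sessions),
        "protected_rejects_other_action_token": not change_password_protected(wrong_action, sessions),
        "protected_accepts_legit": change_password_protected(legit, sessions),
    }
    results["final_password"] = sessions["s-victim"]["password"]
    return results


if __name__ == "__main__":
    print(scenario())
```

The token only helps if state changes are confined to POST: a password or page change reachable by GET is forgeable with an image tag regardless of any token the POST form carries.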
|
File Name: dsa-1554-1.txt
Description: Debian Security Advisory 1554-1 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.
Homepage: http://www.debian.org/security | File Size: 2870 | Related CVE(s): CVE-2008-1474 | Last Modified: Apr 22 21:38:46 2008
MD5 Checksum: 6b2b7779f8f672b281cfeb13dd219e04
|
File Name: dsa-1555-1.txt
Description: Debian Security Advisory 1555-1 - It was discovered that crashes in the JavaScript engine of Iceweasel, an unbranded version of the Firefox browser, could potentially lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security | File Size: 8704 | Related CVE(s): CVE-2008-1380 | Last Modified: Apr 23 14:45:31 2008
MD5 Checksum: 8ef01c81b61d199dcb53beb6c33149a3
|
File Name: dsa-1556-1.txt
Description: Debian Security Advisory 1556-1 - It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
Homepage: http://www.debian.org/security | File Size: 13238 | Related CVE(s): CVE-2008-1927 | Last Modified: Apr 24 16:44:35 2008
MD5 Checksum: 301dc75bc63005c52eccfcb3ffbdb515
|
File Name: dsa-1556-2.txt
Description: Debian Security Advisory 1556-2 - An editorial mistake resulted in DSA-1556-1 not correctly applying the required change, making it ineffective. This DSA has been reissued as DSA-1556-2. It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
Homepage: http://www.debian.org/security | File Size: 13470 | Related CVE(s): CVE-2008-1927 | Last Modified: Apr 28 11:06:46 2008
MD5 Checksum: d385186a4b6ec37e19b30adc4b31b87b
|
File Name: dsa-1557-1.txt
Description: Debian Security Advisory 1557-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administer MySQL over the WWW. Attackers with CREATE TABLE permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request. The PHP session data file stored the username and password of a logged-in user, which in some setups can be read by a local user. Cross-site scripting and SQL injection were possible for attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.
Homepage: http://www.debian.org/security | File Size: 3673 | Related CVE(s): CVE-2008-1149, CVE-2008-1567, CVE-2008-1924 | Last Modified: Apr 24 16:46:15 2008
MD5 Checksum: 048c9857c58552e12caabe6fe8388596
|
File Name: dsa-1558-1.txt
Description: Debian Security Advisory 1558-1 - It was discovered that crashes in the JavaScript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security | File Size: 27398 | Related CVE(s): CVE-2008-1380 | Last Modified: Apr 24 17:07:47 2008
MD5 Checksum: 4850d8da80953fcdd093d6f183997530
|
File Name: dsa-1559-1.txt
Description: Debian Security Advisory 1559-1 - It was discovered that phpGedView, an application to provide online access to genealogical data, performed insufficient input sanitising on some parameters, making it vulnerable to cross site scripting.
Homepage: http://www.debian.org/security | File Size: 3872 | Related CVE(s): CVE-2007-5051 | Last Modified: Apr 28 11:05:57 2008
MD5 Checksum: fb2de4d559a520307a827d13e3789d95
|
File Name: dsa-1560-1.txt
Description: Debian Security Advisory 1560-1 - "The-0utl4w" discovered that Kronolith, the calendar component of the Horde Framework, didn't properly sanitize URL input, leading to a cross-site scripting vulnerability in the add event screen.
Homepage: http://www.debian.org/security | File Size: 3094 | Last Modified: Apr 28 11:07:30 2008
MD5 Checksum: 4b932675e980a1f06662af53ca462b60
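Three entries on this page are the same bug class in different contexts: Roundup (DSA-1554) and phpGedView (DSA-1559) echo user text into HTML without escaping, and Kronolith (DSA-1560) puts user-supplied URL input into the add event screen. The Python below is one added example covering both, written for this page and not taken from any of those projects. It shows text escaping next to the unescaped original, and separately a URL check for href attributes, because escaping alone does not stop a javascript: URL. The scheme allowlist and the link-rendering function are assumptions for the example, not Kronolith's actual code or list.

```python
import html
from urllib.parse import urlsplit

# Schemes an issue tracker or calendar should accept in a user-supplied link.
# "" admits relative links.  An assumption for this example, not Kronolith's list.
ALLOWED_SCHEMES = {"http", "https", "mailto", ""}


def render_comment_unescaped(text):
    """The bug class in DSA-1554 and DSA-1559: user text pasted into HTML."""
    return f"<p>{text}</p>"


def render_comment(text):
    """Escaping for HTML body text; quote=True also covers attribute values."""
    return f"<p>{html.escape(text, quote=True)}</p>"


def safe_href(url):
    """Escaping is not enough for href attributes: 'javascript:alert(1)' is
    unchanged by html.escape().  Browsers also ignore ASCII control characters
    such as tab and newline inside a scheme, so strip them before parsing or
    'java\\tscript:' is parsed here as a relative link and slips through.
    Returns the escaped URL, or None when it must not become a link."""
    cleaned = "".join(ch for ch in url if ord(ch) >= 0x20).strip()
    if urlsplit(cleaned).scheme not in ALLOWED_SCHEMES:  # urlsplit lowercases the scheme
        return None
    return html.escape(cleaned, quote=True)


def render_event_link(title, url):
    """An 'add event' style link: the title goes through text escaping, the
    URL through scheme validation; a rejected URL degrades to plain text."""
    safe_title = html.escape(title, quote=True)
    href = safe_href(url)
    if href is None:
        return f"<span>{safe_title}</span>"
    return f'<a href="{href}">{safe_title}</a>'


def demo():
    """Constructed inputs of the kind the three advisories are about."""
    payload = "<script>alert(document.cookie)</script>"
    return {
        "unescaped": render_comment_unescaped(payload),
        "escaped": render_comment(payload),
        "attr_break": render_comment('" onmouseover="alert(1)'),
        "js_url": render_event_link("Meeting", "javascript:alert(1)"),
        "tab_js_url": render_event_link("Meeting", "java\tscript:alert(1)"),
        "ok_url": render_event_link("Meeting", "https://example.org/?a=1&b=2"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Escaping is per output context: the body-text escaping here is wrong for a value dropped into a script block or an inline style, which need their own encoders.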
|
File Name: dsa-1561-1.txt
Description: Debian Security Advisory 1561-1 - Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.
Homepage: http://www.debian.org/security | File Size: 5747 | Related CVE(s): CVE-2008-1293 | Last Modified: Apr 28 11:08:15 2008
MD5 Checksum: bc32356163c95e7e7e2543dfa9e798b9
|
File Name: dsa-1562-1.txt
Description: Debian Security Advisory 1562-1 - It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the SeaMonkey internet suite, could potentially lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security | File Size: 16583 | Related CVE(s): CVE-2008-1380 | Last Modified: Apr 28 18:26:16 2008
MD5 Checksum: 44efe19b09ab216dba3a560ccee827b3
|
File Name: dsa-1563-1.txt
Description: Debian Security Advisory 1563-1 - Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit, performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.
Homepage: http://www.debian.org/security | File Size: 9703 | Related CVE(s): CVE-2008-1897 | Last Modified: Apr 30 20:49:01 2008
MD5 Checksum: d3c0c0afebf4599c391e9e1d197a3ac5
|
File Name: excel-xss.txt
Description: Excel may suffer from cross site scripting issues if launched within the DOM.
Author: Juan Pablo Lopez Yacubian | File Size: 841 | Last Modified: Apr 28 11:04:21 2008
MD5 Checksum: 3cc3372ee2a4323d859b4e10f7c48a75
|
File Name: filezilla-disclose.txt
Description: FileZilla versions 3.0.9.2 and below allow local users access to all saved passwords due to the fact that they are stored in plain text in sitemanager.xml.
Author: Carl Hardwick | File Size: 732 | Last Modified: Apr 18 17:09:36 2008
MD5 Checksum: c22854541cbb97ff330a427d51f9210e
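A practitioner reading the FileZilla entry will want to know which accounts on a shared machine are exposed. The Python below is an added example, not code from the advisory or from FileZilla: it parses a sitemanager.xml, lists every saved site and whether a cleartext password is stored with it, and reports the file's permission bits, which are the only thing standing between the contents and other local users. The element layout (Server entries with Host, Port, User and Pass children), the candidate file locations and the sample contents are assumptions made for the example; check them against the version you have.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for FileZilla 3's sitemanager.xml;
# hosts, users and the password are invented.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.net</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>alice</User>
      <Pass>hunter2</Pass>
      <Name>production</Name>
    </Server>
    <Server>
      <Host>sftp.example.org</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <User>bob</User>
      <Name>keyauth</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def candidate_paths():
    """Assumed locations of sitemanager.xml; adjust for your platform."""
    home = os.path.expanduser("~")
    paths = [os.path.join(home, ".filezilla", "sitemanager.xml"),
             os.path.join(home, ".config", "filezilla", "sitemanager.xml")]
    if os.environ.get("APPDATA"):
        paths.append(os.path.join(os.environ["APPDATA"], "FileZilla", "sitemanager.xml"))
    return paths


def stored_credentials(xml_text):
    """Every saved site, with the password field as found (None if absent)."""
    root = ET.fromstring(xml_text)
    found = []
    for server in root.iter("Server"):
        def text(tag):
            return (server.findtext(tag) or "").strip()
        found.append({
            "name": text("Name"),
            "host": text("Host"),
            "port": text("Port"),
            "user": text("User"),
            "password": text("Pass") or None,
        })
    return found


def file_exposure(path):
    """Who else on the machine can read the file.  Since the contents are
    cleartext, the mode bits are the only line of defence."""
    st = os.stat(path)
    return {
        "group_readable": bool(st.st_mode & stat.S_IRGRP),
        "world_readable": bool(st.st_mode & stat.S_IROTH),
    }


def report(xml_text):
    """Audit summary that does not echo the secrets themselves."""
    return [f"{c['user']}@{c['host']}:{c['port']} ({c['name']}): "
            + ("CLEARTEXT PASSWORD STORED" if c["password"] else "no password saved")
            for c in stored_credentials(xml_text)]


if __name__ == "__main__":
    for p in candidate_paths():
        if os.path.exists(p):
            print(p, file_exposure(p))
            with open(p, encoding="utf-8") as f:
                print("\n".join(report(f.read())))
    print("\n".join(report(SAMPLE_SITEMANAGER)))
```

Later FileZilla releases encode the field and offer a master password; the check above only tells you a password is present, so treat any non-empty Pass element as a credential to rotate once the file has been readable by others.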
|
File Name: FreeBSD-SA-08-05.openssh.txt
Description: FreeBSD Security Advisory - OpenSSH has an X11-forwarding privilege escalation issue. When logging in via SSH with X11-forwarding enabled, sshd(8) fails to correctly handle the case where it fails to bind to an IPv4 port but successfully binds to an IPv6 port. In this case, applications which use X11 will connect to the IPv4 port, even though it had not been bound by sshd(8) and is therefore not being securely forwarded.
Homepage: http://security.freebsd.org/ | File Size: 5931 | Related CVE(s): CVE-2008-1483 | Last Modified: Apr 17 12:54:59 2008
MD5 Checksum: f72e2f658b80a6129b0b66d7c1896f52
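The OpenSSH entry describes a partial-failure bug: a listener is set up on two address families, one bind fails, and the code reports success anyway. The Python below is an added example, written for this page rather than taken from sshd(8), that reproduces the two behaviours on loopback. The lenient variant keeps whatever bound; the strict variant releases everything when a supported family fails so the caller can move to the next display number. The scenario uses a socket of our own as the process already holding the IPv4 port; that setup, and the treatment of "address not available" as "family not configured" rather than a conflict, are choices made for the example.

```python
import errno
import socket

LOOPBACK = ((socket.AF_INET, "127.0.0.1"), (socket.AF_INET6, "::1"))


def bind_display_port(port, strict=True):
    """Bind the X11-forwarding listener on every address family the host
    supports.  strict=False mirrors the faulty logic: keep whatever bound and
    report success.  strict=True: if a supported family fails to bind,
    release everything and return None so the caller tries the next display.
    Returns {family: listening socket} on success."""
    bound = {}
    for family, addr in LOOPBACK:
        try:
            sock = socket.socket(family, socket.SOCK_STREAM)
        except OSError:
            continue                          # family absent from the host
        try:
            sock.bind((addr, port))
            sock.listen(8)
        except OSError as exc:
            sock.close()
            if exc.errno in (errno.EADDRNOTAVAIL, errno.EAFNOSUPPORT):
                continue                      # e.g. ::1 not configured
            if strict:                        # EADDRINUSE and the like
                for s in bound.values():
                    s.close()
                return None
            continue
        bound[family] = sock
    return bound or None


def family_names(result):
    return sorted(s.family.name for s in result.values()) if result else []


def demo():
    """Constructed scenario: something already listens on the display's port
    over IPv4 (here a socket of our own), exactly the case the advisory
    describes."""
    occupant = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    occupant.bind(("127.0.0.1", 0))
    occupant.listen(1)
    port = occupant.getsockname()[1]
    out = {}
    try:
        strict = bind_display_port(port, strict=True)
        lenient = bind_display_port(port, strict=False)
        out["strict_refused_while_ipv4_taken"] = strict is None
        # With the faulty logic the display is "forwarded" on IPv6 only; an X
        # client connecting over IPv4 reaches the occupant, not sshd's tunnel.
        out["lenient_bound_families"] = family_names(lenient)
        for res in (strict, lenient):
            for s in (res or {}).values():
                s.close()
    finally:
        occupant.close()
    freed = bind_display_port(port, strict=True)
    out["strict_ok_after_release"] = freed is not None
    for s in (freed or {}).values():
        s.close()
    return out


if __name__ == "__main__":
    print(demo())
```

On a host without a configured ::1 the lenient result is empty and the strict result is None for the same reason, so the two variants only differ where both families exist; that is precisely the dual-stack setup in which the original bug left an unforwarded IPv4 port reachable.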