Section: .. / 0805-advisories /
| /// File Name: |
sa30340.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mtr. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30340/ | | File Size: | 5848 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | dd81bf94582b2be09a0ef86030e78fb9 |
|
| /// File Name: |
sa30358.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for speex. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30358/ | | File Size: | 5822 | | Last Modified: | May 23 18:43:31 2008 |
| MD5 Checksum: | 83f15f86af1514b0859388750cf07b1a |
|
| /// File Name: |
dsa-1583-1.txt |
Description:
|
Debian Security Advisory 1583-1 - Several remote vulnerabilities have been discovered in Gnome PeerCast, the Gnome interface to PeerCast, a P2P audio and video streaming server. Luigi Auriemma discovered that PeerCast is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5634 | | Related CVE(s): | CVE-2008-6454, CVE-2008-2040 | | Last Modified: | May 20 16:44:01 2008 |
| MD5 Checksum: | e89901539c6ed14bbd402e0acdedca9e |
|
| /// File Name: |
dsa-1573-1.txt |
Description:
|
Debian Security Advisory 1573-1 - Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. Remote exploitation of an integer underflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of a BSS overflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of an integer signedness vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user.
| | Homepage: | http://www.debian.org/security | | File Size: | 5587 | | Related CVE(s): | CVE-2008-1801, CVE-2008-1802, CVE-2008-1803 | | Last Modified: | May 12 10:41:01 2008 |
| MD5 Checksum: | ba15a8cc0a3d8d809028c215d0f8f9a2 |
|
| /// File Name: |
USN-612-7.txt |
Description:
|
Ubuntu Security Notice 612-7 - USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5554 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 20 10:17:08 2008 |
| MD5 Checksum: | a6547a41f905e6a3fd2d547f9767ba3e |
|
| /// File Name: |
MDVSA-2008-106.txt |
Description:
|
Mandriva Linux Security Advisory - Flaws discovered in versions prior to 2.2.4 (stable) and 2.3.10 (development) of GnuTLS allow an attacker to cause denial of service (application crash), and maybe (so far undetermined) execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5331 | | Related CVE(s): | CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 | | Last Modified: | May 27 16:51:26 2008 |
| MD5 Checksum: | 1775f23637b2259cfa9fa2f4bbd1eeba |
|
| /// File Name: |
dsa-1577-1.txt |
Description:
|
Debian Security Advisory 1577-1 - Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 5237 | | Related CVE(s): | CVE-2008-0167 | | Last Modified: | May 15 03:51:39 2008 |
| MD5 Checksum: | 81f578fa45368e855560e91c2dd60d4e |
|
| /// File Name: |
dsa-1567-1.txt |
Description:
|
Debian Security Advisory 1567-1 - Stefan Cornelius discovered a vulnerability in the Radiance High Dynamic Range (HDR) image parser in Blender, a 3D modelling application. The weakness could enable a stack-based buffer overflow and the execution of arbitrary code if a maliciously-crafted HDR file is opened, or if a directory containing such a file is browsed via Blender's image-open dialog.
| | Homepage: | http://www.debian.org/security | | File Size: | 5193 | | Related CVE(s): | CVE-2008-1102 | | Last Modified: | May 5 14:20:24 2008 |
| MD5 Checksum: | 17e02085dd445b7a2b13941066ee38c4 |
|
| /// File Name: |
USN-612-8.txt |
Description:
|
Ubuntu Security Notice 612-8 - USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check X.509 certificates as well, and provides the corresponding update for Ubuntu 6.06. While the OpenSSL in Ubuntu 6.06 was not vulnerable, openssl-blacklist is now provided for Ubuntu 6.06 for checking certificates and keys that may have been imported on these systems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5131 | | Last Modified: | May 22 01:20:51 2008 |
| MD5 Checksum: | 37ef9f46cc632ccce7d565ff3e6f5c06 |
|
| /// File Name: |
dsa-1570-1.txt |
Description:
|
Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-base web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.
| | Homepage: | http://www.debian.org/security | | File Size: | 4937 | | Related CVE(s): | CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768 | | Last Modified: | May 6 16:44:01 2008 |
| MD5 Checksum: | 7c06871d3debf143c6fa695b70d15b23 |
|
| /// File Name: |
glsa-200805-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-01 - Multiple vulnerabilities in the Horde Application Framework may lead to the execution of arbitrary files, information disclosure, and allow a remote attacker to bypass security restrictions. Versions less than 3.1.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4800 | | Related CVE(s): | CVE-2008-1284 | | Last Modified: | May 6 16:22:04 2008 |
| MD5 Checksum: | fbc502d5bf403437b5eb5c915a78fca3 |
|
| /// File Name: |
dsa-1566-1.txt |
Description:
|
Debian Security Advisory 1566-1 - Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive.
| | Homepage: | http://www.debian.org/security | | File Size: | 4745 | | Related CVE(s): | CVE-2007-4476 | | Last Modified: | May 2 15:28:57 2008 |
| MD5 Checksum: | 476ba261ed8d427273e76818858d57c5 |
|
| /// File Name: |
secunia-imlib2.txt |
Description:
|
Secunia Research has discovered two vulnerabilities in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. imlib2 version 1.4.0 is affected.
| | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4742 | | Related CVE(s): | CVE-2008-2426 | | Last Modified: | May 29 13:56:58 2008 |
| MD5 Checksum: | be26fa0c3bd9bd6db1a692df74cf6246 |
|
| /// File Name: |
sa30286.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gforge. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/30286/ | | File Size: | 4705 | | Last Modified: | May 19 14:31:39 2008 |
| MD5 Checksum: | 48431c68e82d7537ddbf4c892b9ce8e4 |
|
| /// File Name: |
SECOBJADV-2008-01.txt |
Description:
|
Security Objectives Advisory - Lenovo System Update allows arbitrary update executables to be downloaded and installed from a rogue server. The Client DLL does not perform certificate chain verification when initiating an SSL connection with the server. Version 3.13.0005 Build date 2008-1-3 is affected. Other versions may also be affected.
| | Author: | Derek Callaway | | Homepage: | http://www.security-objectives.com/ | | File Size: | 4703 | | Last Modified: | May 27 18:09:22 2008 |
| MD5 Checksum: | ea869b75c524898156553df7293ac0d5 |
|
| /// File Name: |
sa30325.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gnome-peercast. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30325/ | | File Size: | 4643 | | Last Modified: | May 21 21:31:45 2008 |
| MD5 Checksum: | 5bd92d9a9122aff11116728853cf8304 |
|
| /// File Name: |
secunia-foxit.txt |
Description:
|
Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code. Foxit Reader 2.3 build 2825 is affected.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4610 | | Related CVE(s): | CVE-2008-1104 | | Last Modified: | May 20 10:15:21 2008 |
| MD5 Checksum: | 279d313f561b4f6687c47e56615435ef |
|
| /// File Name: |
secunia-smbraw.txt |
Description:
|
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_smb_raw()" function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser. Samba versions 3.0.28a and 3.0.29 are affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4582 | | Related CVE(s): | CVE-2008-1105 | | Last Modified: | May 29 13:57:58 2008 |
| MD5 Checksum: | 8b50b5f7f3e20c60bd7e3a2d316423ce |
|
| /// File Name: |
TA08-137A.txt |
Description:
|
Technical Cyber Security Alert TA08-137A - A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Any package that uses the affected version of SSL could be vulnerable.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4530 | | Last Modified: | May 19 14:54:42 2008 |
| MD5 Checksum: | 545003fb0e62ad13cfa66b242929688b |
|
| /// File Name: |
sa30143.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30143/ | | File Size: | 4517 | | Last Modified: | May 13 17:43:00 2008 |
| MD5 Checksum: | b1311808e2a5a87ca34dece2f5fe12d3 |
|
| /// File Name: |
04.30.08-1.txt |
Description:
|
iDefense Security Advisory 04.30.08 - Remote exploitation of a design error in Akamai Technologies, Inc's Download Manager allows attackers to execute arbitrary code in the context of the current user. iDefense confirmed the existence of this vulnerability using version 2.2.2.1 of Akamai Technologies Inc's DownloadManagerV2.ocx. Additionally, iDefense confirmed the problem exists in version 2.2.2.0 of the Download Manager Java Applet. All versions prior to the fixed version are suspected to be vulnerable.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 4508 | | Related CVE(s): | CVE-2008-6339 | | Last Modified: | May 1 18:26:46 2008 |
| MD5 Checksum: | 4026d3cb280e06a5aeaf9544acbbbdd7 |
|
| /// File Name: |
sa30097.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30097/ | | File Size: | 4481 | | Last Modified: | May 6 18:57:38 2008 |
| MD5 Checksum: | 82d690cfbe78d7848a29e2d02e48e120 |
|
| /// File Name: |
sa30106.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for kazehakase. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, and compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30106/ | | File Size: | 4462 | | Last Modified: | May 7 20:31:38 2008 |
| MD5 Checksum: | 788c1a8a8c457a5945afd1dad18c6ceb |
|
| /// File Name: |
dsa-1580-1.txt |
Description:
|
Debian Security Advisory 1580-1 - It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error.
| | Homepage: | http://www.debian.org/security | | File Size: | 4397 | | Related CVE(s): | CVE-2008-2064 | | Last Modified: | May 20 10:16:19 2008 |
| MD5 Checksum: | 85cc2abdaaad9d63dd016aac385c4e66 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
