contenu de la page
Flux RSS sécurité de debian
Ceci est le flux RSS importé de l'adresse suivante : http://www.debian.org/security/dsa-long.fr.rdf
DSA-2104 quagga - several vulnerabilities
Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon.
6 septembre 2010
lire plus sur DSA-2104 quagga - several vulnerabilitiesDSA-2103 smbind - sql injection
It was discovered that smbind, a PHP-based tool for managing DNS zones for BIND, does not properly validating input. An unauthenticated remote attacker could execute arbitrary SQL commands or gain access to the admin account.
5 septembre 2010
lire plus sur DSA-2103 smbind - sql injectionDSA-2102 barnowl - unchecked return value
It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code.
3 septembre 2010
lire plus sur DSA-2102 barnowl - unchecked return valueDSA-2101 wireshark - several vulnerabilities
Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code.
31 août 2010
lire plus sur DSA-2101 wireshark - several vulnerabilitiesDSA-2100 openssl - double free
George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code.
30 août 2010
lire plus sur DSA-2100 openssl - double freeDSA-2099 openoffice.org - buffer overflows
Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code.
30 août 2010
lire plus sur DSA-2099 openoffice.org - buffer overflowsDSA-2098 typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site Scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. More details can be found in the Typo3 security advisory.
29 août 2010
lire plus sur DSA-2098 typo3-src - several vulnerabilitiesDSA-2097 phpmyadmin - insufficient input sanitising
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
29 août 2010
lire plus sur DSA-2097 phpmyadmin - insufficient input sanitisingDSA-2096 zope-ldapuserfolder - missing input validation
Jeremy James discovered that in zope-ldapuserfolder, a Zope extension used to authenticate against an LDAP server, the authentication code does not verify the password provided for the emergency user. Malicious users that manage to get the emergency user login can use this flaw to gain administrative access to the Zope instance, by providing an arbitrary password.
24 août 2010
lire plus sur DSA-2096 zope-ldapuserfolder - missing input validationDSA-2095 lvm2 - insecure communication protocol
Alasdair Kergon discovered that the cluster logical volume manager daemon (clvmd) in lvm2, The Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service.
23 août 2010
lire plus sur DSA-2095 lvm2 - insecure communication protocolDSA-2094 linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
19 août 2010
lire plus sur DSA-2094 linux-2.6 - privilege escalation/denial of service/information leakDSA-2093 ghostscript - several vulnerabilities
Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems:
19 août 2010
lire plus sur DSA-2093 ghostscript - several vulnerabilitiesDSA-2091 squirrelmail - No user-specific token implemented
SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controlled by the offender.
12 août 2010
lire plus sur DSA-2091 squirrelmail - No user-specific token implemented
