RSS feed Debian security
This is the RSS feed imported from the following address: http://www.debian.org/security/dsa-long.en.rdf
DSA-2405 apache2 - multiple issues
Several vulnerabilities have been found in the Apache HTTPD Server:
6th of February 2012
DSA-2403 php5 - code injection
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
6th of February 2012
DSA-2404 xen-qemu-dm-4.0 - buffer overflow
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable malicious guest systems to crash the host system or escalate their privileges.
5th of February 2012
DSA-2384 cacti - several vulnerabilities
Several vulnerabilities have been discovered in Cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.
4th of February 2012
DSA-2402 iceape - several vulnerabilities
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
2nd of February 2012
DSA-2401 tomcat6 - several vulnerabilities
Several vulnerabilities have been found in Tomcat, a servlet and JSP engine:
2nd of February 2012
DSA-2400 iceweasel - several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
2nd of February 2012
DSA-2399 php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:
31st of January 2012
DSA-2398 curl - several vulnerabilities
Several vulnerabilities have been discovered in cURL, a URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:
30th of January 2012
DSA-2397 icu - buffer underflow
It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.
29th of January 2012
DSA-2396 qemu-kvm - buffer underflow
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.
27th of January 2012
DSA-2395 wireshark - buffer underflow
Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code (CVE-2012-0068).
27th of January 2012
DSA-2394 libxml2 - several vulnerabilities
Many security problems have been fixed in libxml2, a popular library to handle XML data files.
27th of January 2012
DSA-2393 bip - buffer overflow
Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy which may allow arbitrary code execution by remote users.
25th of January 2012
DSA-2392 openssl - out-of-bounds read
Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.
23rd of January 2012
DSA-2301 rails - several vulnerabilities
Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:
23rd of January 2012
DSA-2391 phpmyadmin - several vulnerabilities
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
22nd of January 2012
DSA-2390 openssl - several vulnerabilities
Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
15th of January 2012
DSA-2389 linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
15th of January 2012
DSA-2388 t1lib - several vulnerabilities
Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts.
14th of January 2012
DSA-2387 simplesamlphp - insufficient input sanitation
timtai1 discovered that simpleSAMLphp, an authentication and federation platform, is vulnerable to a cross site scripting attack, allowing a remote attacker to access sensitive client data.
11th of January 2012
DSA-2386 openttd - several vulnerabilities
Several vulnerabilities have been discovered in OpenTTD, a transport business simulation game. Multiple buffer overflows and off-by-one errors allow remote attackers to cause denial of service.
10th of January 2012
DSA-2385 pdns - packet loop
Ray Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.
10th of January 2012
DSA-2383 super - buffer overflow
Robert Luberda discovered a buffer overflow in the syslog logging code of Super, a tool to execute scripts (or other commands) as if they were root. The default Debian configuration is not affected.
8th of January 2012
DSA-2382 ecryptfs-utils - multiple vulnerabilities
Several problems have been discovered in eCryptfs, a cryptographic filesystem for Linux.
7th of January 2012