Debian Bug
Package : openldap2.3
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-5707 CVE-2007-5708 CVE-2007-6698 CVE-2008-0658
Debian Bug : 440632 448644 465875
Several remote vulnerabilities have been discovered in OpenLDAP, a
free implementation of the Lightweight Directory Access Protocol. The
Common Vulnerabilities and Exposures project identifies the following
problems:
Package : suphp
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-1614
Debian Bug : 475431
It was discovered that suphp, an Apache module to run PHP scripts with
owner permissions, handles symlinks insecurely, which may lead to
privilege escalation by local users.
Package : freetype
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3256
Debian Bug : 646120
It was discovered that missing input sanitising in Freetype's glyph
handling could lead to memory corruption, resulting in denial of service
or the execution of arbitrary code.
Package : radvd
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605
Debian Bug : 644614
Multiple security issues were discovered by Vasiliy Kulikov in radvd, an
IPv6 Router Advertisement daemon:
CVE-2011-3602
Package : clamav
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2713
Debian Bug : 490925
This update corrects a packaging and build error in the packages
released in DSA-1616-1. Those packages, while functional, did not
actually apply the fix intended. This update restores the fix
to the package build; no other changes are introduced. For
Package : python-dns
Vulnerability : DNS response spoofing
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1447
Debian Bug : 490217
Multiple weaknesses have been identified in PyDNS, a DNS client
implementation for the Python language. Dan Kaminsky identified a
practical vector of DNS response spoofing and cache poisoning,
exploiting the limited entropy in a DNS transaction ID and lack of
CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182
CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 CVE-2011-1593
CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748
CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776
CVE-2011-2022 CVE-2011-2182
Debian Bug : 618485
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
Package : netpbm-free
Vulnerability : stack-based buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2009-4274
Debian Bug : 569060
Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader
implementation in netpbm-free, a suite of image manipulation utilities.
An attacker could cause a denial of service (application crash) or possibly
Package : maradns
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0520
Debian Bug : 610834
Witold Baryluk discovered that MaraDNS, a simple security-focused
Domain Name Service server, may overflow an internal buffer when
handling requests with a large number of labels, causing a server
crash and the consequent denial of service.
Package : apache2
Vulnerability : failure to drop root privileges
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1176
Debian Bug : 618857
MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that
is included in Debian's apache2 package.
A configuration parsing flaw has been found in MPM_ITK. If the
Package : dtc
Vulnerability : SQL injection
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0434 CVE-2011-0435 CVE-2011-0436 CVE-2011-0437
Debian Bug : 614302
Ansgar Burchardt discovered several vulnerabilities in DTC, a web
control panel for admin and accounting hosting services.
CVE-2011-0434
Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
Debian Bug : 514713
Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework.
Marcus Krause and Michael Stucki from the TYPO3 security team
Package : vnc4
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-4770
Debian Bug : 513531
It was discovered that xvnc4viewer, a virtual network computing client
software for X, is prone to an integer overflow via a malicious
encoding value that could lead to arbitrary code execution.
Package : horde3
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2010-3077 CVE-2010-3694
Debian Bug : 598582
It was discovered that horde3, the horde web application framework, is
prone to a cross-site scripting attack and a cross-site request forgery.
For the oldstable distribution (lenny), these problems have been fixed
Package : pam-pgsql
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
Debian Bug : 603436
It was discovered that pam-pgsql, a PAM module to authenticate using
a PostgreSQL database, was vulnerable to a buffer overflow in supplied
IP-addresses.
Package : avahi
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1002
Debian Bug : 614785
It was discovered that avahi, an implementation of the zeroconf protocol,
can be crashed remotely by a single UDP packet, which may result in a
denial of service.
Package : dhcp
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-5365
Debian Bug : 446354
It was discovered that dhcp, a DHCP server for automatic IP address assignment,
didn't correctly allocate space for network replies. This could potentially
allow a malicious DHCP client to execute arbitrary code upon the DHCP server.
Package : mysql-dfsg-5.0
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-3963 CVE-2008-4456
Debian Bug : 498362
Multiple vulnerabilities have been identified affecting MySQL, a
relational database server, and its associated interactive client
application. The Common Vulnerabilities and Exposures project
identifies the following two problems:
Package : cvsnt
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id : CVE-2010-1326
Debian Bug : 593884
It has been discovered that in cvsnt, a multi-platform version of the
original source code versioning system CVS, an error in the
authentication code allows a malicious, unprivileged user, through the
use of a specially crafted branch name, to gain write access to any
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : no CVE Id yet
Debian Bug : 552035
A denial of service vulnerability has been found in nginx, a small and
efficient web server.
Jasson Bell discovered that a remote attacker could cause a denial of service
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-2583, CVE-2007-2691, CVE-2007-2692
CVE-2007-3780, CVE-2007-3782, CVE-2007-5925
Debian Bug : 426353, 424778, 424778, 451235
Several vulnerabilities have been found in the MySQL database packages
with implications ranging from unauthorized database modifications to
remotely triggered server crashes.
Package : id3lib3.8.3
Vulnerability : programming error
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2007-4460
Debian Bug : 438540
Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag
Library, may lead to denial of service through symlink attacks.
This update to DSA-1365-2 provides missing packages for the mipsel
Packages : cyrus-imapd-2.2 kolab-cyrus-imapd
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2009-2632 CVE-2009-3235
Debian Bug : 547712
It was discovered that the SIEVE component of cyrus-imapd and
kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer
overflow when processing SIEVE scripts.
Package : phpwiki
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-2024 CVE-2007-2025 CVE-2007-3193
Debian Bug : 429201 441390
Several vulnerabilities have been discovered in phpWiki, a wiki engine
written in PHP. The Common Vulnerabilities and Exposures project
identifies the following problems:
Package : openssl
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
Debian Bug : 603709
CVE Id(s) : CVE-2010-3864
A flaw has been found in the OpenSSL TLS server extension code parsing
which on affected servers can be exploited in a buffer overrun attack.
This allows an attacker to cause an application crash or potentially to
Package : moodle
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2009-0500 CVE-2009-0502 CVE-2008-5153
Debian Bug : 514284
Several vulnerabilities have been discovered in Moodle, an online
course management system. The Common Vulnerabilities and Exposures
project identifies the following problems:
Package : afuse
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-2232
Debian Bug : 490921
Anders Kaseorg discovered that afuse, an automounting file system
in user-space, did not properly escape meta characters in paths.
This allowed a local attacker with read access to the filesystem to
execute commands as the owner of the filesystem.
Package : hf
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-2378
Debian Bug : 504182
Steve Kemp discovered that hf, an amateur-radio protocol suite using
a soundcard as a modem, insecurely tried to execute an external command
which could lead to the elevation of privileges for local users.
Package : wordnet
Vulnerability : stack and heap overflows
Problem type : local (remote)
Debian-specific: no
CVE id(s) : CVE-2008-2149
Debian Bug : 481186
Rob Holland discovered several programming errors in WordNet, an
electronic lexical database of the English language. These flaws could
allow arbitrary code execution when used with untrusted input, for
example when WordNet is in use as a back end for a web application.
Package : apt
Vulnerability : several
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-1300 CVE-2009-1358
Debian Bug : 523213 433091
Two vulnerabilities have been discovered in APT, the well-known dpkg
frontend. The Common Vulnerabilities and Exposures project identifies
the following problems: