Florian Weimer

Re: common dns misconfiguration can lead to "same site" scripting

* David Malone:

> On Mon, Jan 21, 2008 at 09:25:08AM +0100, Florian Weimer wrote:
>
>> | Note that all domains that contain hosts should have a "localhost" A
>> | record in them.
>
>> That RFC was obsoleted by RFC 1912 in 1996, so there's no RFC
>> conformance issue if you omit the domain names.  But it explains why
>> there are so many zones that contain them.

[SECURITY] [DSA 2473-1] openoffice.org security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2473-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 16, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openoffice.org
Vulnerability  : buffer overflow

[SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2122-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
January 11, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : glibc
Vulnerability  : missing input sanitization

[SECURITY] [DSA 2054-1] New bind9 packages fix cache poisoning

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2054-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
June 04, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : bind9
Vulnerability  : DNS cache poisoning

[SECURITY] [DSA 2373-1] inetutils security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2373-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 25, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : inetutils
Vulnerability  : buffer overflow

[SECURITY] [DSA 1494-2] New linux-2.6 packages fix privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-1494-2                security@debian.org
http://www.debian.org/security/           Florian Weimer, dann frazier
February 12, 2008                   http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : missing access checks

[SECURITY] [DSA 1581-1] New gnutls13 packages fix potential code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1581-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
May 20, 2008                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : gnutls13
Vulnerability  : several

[SECURITY] [DSA 2459-2] quagga security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2459-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 04, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quagga
Vulnerability  : regression

[SECURITY] [DSA 1515-1] New libnet-dns-perl packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1515-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
March 11, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libnet-dns-perl
Vulnerability  : several

[SECURITY] [DSA 1708-1] New Git packages fix remote code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1708-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
January 19, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : git-core
Vulnerability  : shell command injection

[SECURITY] [DSA 2346-2] proftpd-dfsg regression fix

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2346-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 16, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : proftpd-dfsg
Vulnerability  : several

[SECURITY] [DSA 1387-1] New librpcsecgss packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1387                    security@debian.org
http://www.debian.org/security/                           Florian Weimer
October 15th, 2007                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : librpcsecgss
Vulnerability  : buffer overflow

[SECURITY] [DSA 1772-1] New udev packages fix privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1772-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
April 16, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : udev
Vulnerability  : several

[SECURITY] [DSA 2243-1] unbound security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2243-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 27, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unbound
Vulnerability  : design flaw

[SECURITY] [DSA 2263-1] movabletype-opensource security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2263-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
June 16, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : several

[SECURITY] [DSA 2411-1] mumble security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2411-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 19, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mumble
Vulnerability  : information disclosure

[SECURITY] [DSA 1860-1] New Ruby packages fix several issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1860-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
August 12, 2009                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ruby1.8, ruby1.9
Vulnerability  : several

[SECURITY] [DSA 1838-1] New pulseaudio packages fix privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1838-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
July 18, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pulseaudio
Vulnerability  : privilege escalation

[SECURITY] [DSA 1771-1] New clamav packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1771-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
April 15, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : clamav
Vulnerability  : several

[SECURITY] [DSA 1556-2] New perl packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1556-2                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
April 27, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : perl
Vulnerability  : heap buffer overflow

[SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1544-2                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
July 16, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pdns-recursor
Vulnerability  : insufficient randomness

[SECURITY] [DSA 1963-1] New unbound packages fix DNSSEC validation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1963-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
December 23, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : unbound
Vulnerability  : cryptographic implementation error

[SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1473                    security@debian.org
http://www.debian.org/security/                           Florian Weimer
January 21, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : scponly
Vulnerability  : design flaw

[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2115-2                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
October 11, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : moodle
Vulnerability  : several

[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1576-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
May 14, 2008                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : openssh
Vulnerability  : predictable random number generator

[SECURITY] [DSA 2272-1] bind9 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2272-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
July 05, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
Vulnerability  : denial of service

[SECURITY] [DSA-2157-1] PostgreSQL security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2157-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 03, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-8.3, postgresql-8.4, postgresql-9.0
Vulnerability  : buffer overflow

[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1833-2                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
August 25, 2009                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : dhcp3
Vulnerability  : several

Re: Sun M-class hardware denial of service

Florian Weimer wrote:
> * Theo de Raadt:
>> Management eventually has to decide to impact the SLA's of all domains.
>> That means that Sun's promise of isolation is bunk.
> 
> I don't want to downplay your frustration, but the pattern is fairly
> common: When someone tries to port a new operating system to some
> partitioning system, it's not totally unheard of that the new code takes
> down (parts of) the system beyond the assigned partition.


[SECURITY] [DSA 2423-1] movabletype-opensource security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2423-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 02, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : several

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
