Document Actions
Debian-Sicherheitsankündigung
Sicherheitsankündigung für das Betriebssystem Debian GNU/Linux.
| 03-04-2009 |
DSA-1761 moodle - missing input sanitization
Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management
system, doesn't check user input for certain TeX commands which allows an attacker to include
and display the content of arbitrary system files.
|
| 02-04-2009 |
DSA-1762 icu - insufficient input sanitising
It was discovered that icu, the internal components for Unicode, did not properly sanitise
invalid encoded data, which could lead to crosssite scripting attacks.
|
| 30-03-2009 |
DSA-1757 auth2db - SQL injection
It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to an
SQL injection vulnerability, when used with multibyte character encodings.
|
| 30-03-2009 |
DSA-1758 nss-ldapd - insecure config file creation
Leigh James discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by
default creates the configuration file /etc/nss-ldapd.conf world-readable which could
leak the configured LDAP password if one is used for connecting to the LDAP server.
|
| 30-03-2009 |
DSA-1759 strongswan - denial of service
Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an IPSec implementation for
linux, is prone to a denial of service attack via a malicious packet.
|
| 30-03-2009 |
DSA-1760 openswan - denial of service
Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux.
The Common Vulnerabilities and Exposures project identifies the following problems:
|
| 29-03-2009 |
DSA-1756 xulrunner - multiple vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment
for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and
Exposures project identifies the following problems:
|
| 25-03-2009 |
DSA-1755 systemtap - race condition
Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an
instrumentation system for Linux 2.6, allows local privilege escalation for members of the
stapusr group.
|
| 24-03-2009 |
DSA-1753 iceweasel - end-of-life announcement for Iceweasel in oldstable
As indicated in the Etch release notes, security support for the Iceweasel version in the
oldstable distribution (Etch) needed to be stopped before the end of the regular security
maintenance life cycle.
|
| 23-03-2009 |
DSA-1752 webcit - format string vulnerability
Wilfried Goesgens discovered that WebCit, the web-based user interface for the Citadel
groupware system, contains a format string vulnerability in the mini_calendar component,
possibly allowing arbitrary code execution ( CVE-2009-0364 ).
|
| 22-03-2009 |
DSA-1750 libpng - several vulnerabilities
Several vulnerabilities have been discovered in libpng, a library for reading and writing
PNG files. The Common Vulnerabilities and Exposures project identifies the following
problems:
|
| 22-03-2009 |
DSA-1751 xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment
for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and
Exposures project identifies the following problems:
|
| 20-03-2009 |
DSA-1745 lcms - several vulnerabilities
Several security issues have been discovered in lcms, a color management library. The Common
Vulnerabilities and Exposures project identifies the following problems:
|
| 20-03-2009 |
DSA-1746 ghostscript - several vulnerabilities
Two security issues have been discovered in ghostscript, the GPL Ghostscript
PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies
the following problems:
|
| 20-03-2009 |
DSA-1747 glib2.0 - integer overflow
Diego Petten discovered that glib2.0, the GLib library of C routines, handles large strings
insecurely via its Base64 encoding functions. This could possible lead to the execution of
arbitrary code.
|
| 20-03-2009 |
DSA-1748 libsoup - integer overflow
It was discovered that libsoup, an HTTP library implementation in C, handles large strings
insecurely via its Base64 encoding functions. This could possibly lead to the execution of
arbitrary code.
|
| 20-03-2009 |
DSA-1749 linux-2.6 - denial of service/privilege escalation/sensitive memory leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of
service or privilege escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:
|
| 18-03-2009 |
DSA-1744 weechat - missing input sanitization
Sebastien Helleu discovered that an error in the handling of color codes in the weechat IRC
client could cause an out-of-bounds read of an internal color array. This can be used by an
attacker to crash user clients via a crafted PRIVMSG command.
|
| 17-03-2009 |
DSA-1743 libtk-img - buffer overflows
Two buffer overflows have been found in the GIF image parsing code of Tk, a cross-platform
graphical toolkit, which could lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
|
| 16-03-2009 |
DSA-1742 libsndfile - integer overflow
Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is
prone to an integer overflow. This causes a heap-based buffer overflow when processing
crafted CAF description chunks possibly leading to arbitrary code execution.
|