Debian Security Notices
- DSA-1570 kazehakase - various
Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library.
- DSA-1567 blender - buffer overrun
Stefan Cornelius discovered a vulnerability in the Radiance High Dynamic Range (HDR) image parser in Blender, a 3D modelling application. The weakness could enable a stack-based buffer overflow and the execution of arbitrary code if a maliciously-crafted HDR file is opened, or if a directory containing such a file is browsed via Blender's image-open dialog.
- DSA-1566 cpio - programming error
Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive.
- DSA-1565 linux-2.6 - several vulnerabilities
Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-1563 asterisk - programming error
Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit, performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.
- DSA-1562 iceape - programming error
It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the Seamonkey internet suite, could potentially lead to the execution of arbitrary code.
- DSA-1561 ldm - programming error
Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.
- DSA-1558 xulrunner - programming error
It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.
- DSA-1556 perl - heap buffer overflow
It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
- DSA-1555 iceweasel - programming error
It was discovered that crashes in the Javascript engine of Iceweasel, an unbranded version of the Firefox browser, could potentially lead to the execution of arbitrary code.
- DSA-1554 roundup - insufficient input sanitising
Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.
- DSA-1552 mplayer - missing input sanitising
It was discovered that the MPlayer movie player performs insufficient input sanitising on SDP session data, leading to potential execution of arbitrary code through a malformed multimedia stream.
- DSA-1550 suphp - programming error
It was discovered that suphp, an Apache module to run PHP scripts with owner permissions, handles symlinks insecurely, which may lead to privilege escalation by local users.
- DSA-1549 clamav - buffer overflows
Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:
- DSA-1548 xpdf - several vulnerabilities
Kees Cook discovered a vulnerability in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following problem:
- DSA-1546 gnumeric - integer overflow
Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
- DSA-1545 rsync - integer overflow
Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution.
- DSA-1544 pdns-recursor - design flaw
Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a weak random number generator to create DNS transaction IDs and UDP source port numbers. As a result, cache poisoning attacks were simplified. (CVE-2008-1637)
- DSA-1543 vlc - several vulnerabilities
Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.
- DSA-1542 libcairo - integer overflow
Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code.
- DSA-1541 openldap2.3 - several vulnerabilities
Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems: