[SECURITY] [DSA 1527-1] New debian-goodies packages fix privilege escalation
Debian Security Advisory DSA-1527-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 24, 2008 http://www.debian.org/security/faq ...
Ubuntu 7.10 : qt4-x11 vulnerability (USN-579-1)
It was discovered that QSslSocket did not properly verify SSL certificates. A remote attacker may be able to trick applications using QSslSocket into accepting invalid SSL certificates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...
[SECURITY] [DSA 1498-1] New libimager-perl packages fix arbitrary code execution
Debian Security Advisory DSA-1498-1 [email protected] http://www.debian.org/security/ Steve Kemp February 19, 2008 http://www.debian.org/security/faq ...
Debian DSA-1472-1 : xine-lib - buffer overflow
Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code.
[SECURITY] [DSA 1470-1] New horde3 packages fix denial of service
Debian Security Advisory DSA-1470-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2008 http://www.debian.org/security/faq ...
[SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution
Debian Security Advisory DSA-1465-1 [email protected] http://www.debian.org/security/ Steve Kemp January 17, 2008 http://www.debian.org/security/faq ...
[SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation
Debian Security Advisory DSA-1462-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 13, 2008 http://www.debian.org/security/faq ...
[SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting
Debian Security Advisory DSA-1429-1 [email protected] http://www.debian.org/security/ Steve Kemp December 11, 2007 http://www.debian.org/security/faq ...
Debian DSA-1420-1 : zabbix - programming error
Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation. zabbix is not included in the oldstable distribution sarge.
[SECURITY] [DSA 1317-1] New tinymux packages fix buffer overflow
Debian Security Advisory DSA 1317-1 [email protected] http://www.debian.org/security/ Steve Kemp June 23, 2007; Package: tinymux; Vulnerability: ...
Debian DSA-1298-1 : otrs2 - missing input sanitising
It was discovered that the Open Ticket Request System performs insufficient input sanitising for the Subaction parameter, which allows the injection of arbitrary web script code. The oldstable distribution sarge doesn't include otrs2.
[SECURITY] [DSA 1298-1] New otrs2 packages fix cross-site scripting
Debian Security Advisory DSA 1298-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 28th, 2007 http://www.debian.org/security/faq ...
[SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks
Debian Security Advisory DSA-1236-1 [email protected] http://www.debian.org/security/ Steve Kemp December 13, 2006; Package: enemies-of-carlotta...
Debian DSA-976-1 : libast - buffer overflow
Johnny Mast discovered a buffer overflow in libast, the library of assorted spiffy things, that can lead to the execution of arbitrary code. This library is used by eterm which is installed setgid uid which leads to a vulnerability to alter the utmp file.
Debian DSA-1102-1 : pinball - design error
Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.
Debian DSA-1139-1 : ruby1.6 - missing privilege checks
It was discovered that the interpreter for the Ruby language does not properly maintain 'safe levels' for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.
Debian DSA-873-1 : net-snmp - programming error
A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agents that have opened a stream based protocol e.g. TCP but not UDP. By default, Net-SNMP does not open a TCP port.
Debian DSA-1016-1 : evolution - format string vulnerabilities
Ulf Harnhammar discovered several format string vulnerabilities in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code.
[SECURITY] [DSA 1107-1] New GnuPG packages fix denial of service
Debian Security Advisory DSA 1107-1 [email protected] http://www.debian.org/security/ Martin Schulze July 10th, 2006 http://www.debian.org/security/faq ...