35 matches found
[BSA-061] Security Update for openswan
Harald Jenny uploaded new packages for openswan which fixed the following security problems: CVE-2011-4073 Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service pluto IKE daemo...
[BSA-061] Security Update for openswan
Harald Jenny uploaded new packages for openswan which fixed the following security problems: CVE-2011-4073 Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service pluto IKE daemo...
[BSA-057] Security update for nss
This update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority. More information can be found in the Mozilla Security Blog: http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/ This...
[BSA-048] Security Update for Iceweasel
I uploaded new packages for iceweasel which fixed the following security problems: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jes...
[BSA-036] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2011-1407 command injection attack in DKIM processing code For the lenny-backports distribution the problems have been fixed in version 4.72-6+squeeze2bpo50+1. For the stable distribution squeeze, thi...
[BSA-035] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2011-1764 DKIM related format string vulnerability For the lenny-backports distribution the problems have been fixed in version 4.72-6+squeeze1bpo50+1. For the stable distribution squeeze, this proble...
[BSA-034] Security Update for iceweasel
Mike Hommey uploaded new packages for iceweasel which fixed the following security problems: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren...
[BSA-030] Security update for nss
This update for the Network Security Service libraries marks several fraudulent HTTPS certificates as unstrusted. For the lenny-backports distribution the problems have been fixed in version 3.12,8-1+squeeze1bpo50+1. For the oldstable distribution lenny, this problem has been fixed in version...
[BSA-014] New Tor packages fix potential code execution
Willem Pinckaers discovered that Tor, a tool to enable online anonymity, does not correctly handle all data read from the network. By supplying specially crafted packets a remote attacker can cause Tor to overflow its heap, crashing the process in turn. Arbitrary code execution has not been...
BSA-009 Security Update for nss
Alexander Reichle-Schmehl uploaded new packages for nss which fixed the following security problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subjects Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a...
Subject: BSA-008 Security Update for pidgin
Jan Wagner uploaded new packages for pidgin which fixed the following security problems: CVE-2010-3711 Fixes multiple remotely-triggered DoSes https://vulners.com/cve/CVE-2010-3711 For the lenny-backports distribution the problems have been fixed in version 2.7.3-1bpo50+2. For the unstable sid...
BSA-005 Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problem: CVE-2010-3433 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before...
BSA-005 Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problem: CVE-2010-3433 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before...
BSA-003 Security Update for samba
Christian Perrier uploaded new packages for samba which fixed the following security problems: CVE-2010-3069 A vulnerability has been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The sidparse function does not correctly check its input lengths when reading a binary...
Security update for openoffice.org
Rene Engelhard uploaded new packages for openoffice.org which fixed the following security problems: CVE-2010-2935 CVE-2010-2936: Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a users system and execute...
[Backports-security-announce] Security Update for git
Sebastian Harl uploaded new packages for git, a popular distributed revision control system, which fixed the following security problem: CVE-2010-2542, Debian BTS 590026 A buffer overrun was found in the way Git sanitized path of a git directory. If a local attacker would create a specially-craft...
[Backports-security-announce] Security update for openoffice.org
Rene Engelhard uploaded a new package for openoffice.org which fixed the following security problem: CVE-2010-0395 It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for MicrosoftR Office, is not properly handling python macro...
[Backports-security-announce] Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problems: CVE-2010-1169 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict...
[Backports-security-announce] Security Update for drupal6
Luigi Gangitano uploaded new packages for drupal6 which fixed the following security problems: SA-CORE-2010-001 Multiple vulnerabilities and weaknesses were discovered in Drupal. Installation cross site scripting A user-supplied value is directly output during installation allowing a malicious us...
[Backports-security-announce] Security Update for dokuwiki
Gerfried Fuchs uploaded new packages for dokuwiki which fixed the following security problems: CVE-2010-0287 It was discovered that an internal variable is not properly sanitized before being used to list directories. This can be exploited to list contents of arbitrary directories. CVE-2010-0288,...