1661 matches found
[SECURITY] [DSA-1646-1] New squid packages fix array bounds check
------------------------------------------------------------------------ Debian Security Advisory DSA-1646-1 [email protected] http://www.debian.org/security/ Devin Carraway October 07, 2008 http://www.debian.org/security/faq -...
CVE-2008-4126
PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4126
PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...
Design/Logic Flaw
PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4126
Technical details for CVE-2008-4126 are not provided in the connected documents; the initial description summarizes the issue but no vendor/version/context is given here. Monitor for updates.
CVE-2008-4099
The CVE-2008-4099 entry concerns PyDNS (python-dns) in Debian GNU/Linux prior to 2.3.1-4, where DNS requests did not randomize source ports or transaction IDs. This omission facilitates spoofed DNS responses by remote attackers, representing a DNS cache-poisoning risk. Debian has updated the pack...
[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow
------------------------------------------------------------------------ Debian Security Advisory DSA-1637-1 [email protected] http://www.debian.org/security/ Devin Carraway September 15, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1634-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 01, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1624-1] New libxslt packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1624-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 31, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1619-1 [email protected] http://www.debian.org/security/ Devin Carraway July 27, 2008 http://www.debian.org/security/faq -...
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username...
Design/Logic Flaw
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username...
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username...
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username...
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username...
CVE-2008-3234
CVE-2008-3234 affects sshd in OpenSSH 4 on Debian GNU/Linux (and the 20070303 OpenSSH snapshot). The issue lets remote authenticated users gain access to arbitrary SELinux roles by appending a ":/" sequence followed by a role name to the username. The IBM X-Force/IBD IBM doc list the base score a...