[SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix

------------------------------------------------------------------------ Debian Security Advisory DSA-1802-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 21, 2009 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1803-1] New nsd packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1803-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 20, 2009 http://www.debian.org/security/faq -...

NSD vulnerable to one-byte overflow

Overview A vulnerability exists in the way NSD processes certain types of packets that may lead to a one-byte buffer overflow. Description Name server daemon NSD is an open source name server developed by NLnet Labs. NSD contains an off-by-one error that can cause a one-byte buffer overflow when...

Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation

Linux Kernel 2.6.29 - ptraceattach Race Condition Privilege Escalation / GNU/Linux kernel 2.6.29 ptraceattach local root race condition exploit. ========================================================================== This is a local root exploit for the 2.6.29 ptraceattach race condition that...

[SECURITY] [DSA 1795-1] New ldns packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1795 [email protected] http://www.debian.org/security/ Devin Carraway May 07, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

Command injection

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie MCOOKIE on the command line, which allows local users to gain privileges by listing the process and its arguments...

CVE-2009-1573

What is affected. xvfb-run 1.6.1 (Debian/Ubuntu/Fedora and possibly other OSes) has the flaw. The root cause described in the CVE context is that the X11 magic cookie (MCOOKIE) is exposed on the command line, which can be discovered by local users. Impact. Local privilege escalation by listing th...

CVE-2009-1573

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie MCOOKIE on the command line, which allows local users to gain privileges by listing the process and its arguments...

[SECURITY] [DSA 1791-1] New moin packages fix cross-site scripting

------------------------------------------------------------------------ Debian Security Advisory DSA-1791-1 [email protected] http://www.debian.org/security/ Steffen Joeris May 06, 2009 http://www.debian.org/security/faq -...

DBD::Pg 'pg_getline()'和'getline()'堆缓冲区溢出漏洞

BUGTRAQ ID: 34755 CVE ID：CVE-2009-0663 DBD::Pg是一款用于PostgreSQL数据库访问的DBI驱动模块。 DBD::Pg存在基于堆的缓冲区溢出，远程攻击者可以利用漏洞执行任意代码。 使用pggetline和getline函数可从数据库中读取行信息的应用程序可通过触发堆溢出而执行任意代码。 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux...

[SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1773-1 [email protected] http://www.debian.org/security/ Steffen Joeris April 17, 2009 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1768-1] New openafs packages potential code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1768-1 [email protected] http://www.debian.org/security/ Florian Weimer April 10, 2009 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1767-1 [email protected] http://www.debian.org/security/ Nico Golde April 9th, 2009 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA-1767-1 [email protected] http://www.debian.org/security/ Nico Golde April 9th, 2009 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA-1766-1 [email protected] http://www.debian.org/security/ Nico Golde April 9th, 2009 http://www.debian.org/security/faq -...

Mandriva Update for kernel MDVSA-2008:224 (kernel)

Check for the Version of kernel OpenVAS Vulnerability Test Mandriva Update for kernel MDVSA-2008:224 kernel Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

[SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1757-1 [email protected] http://www.debian.org/security/ Steffen Joeris March 30, 2009 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure

------------------------------------------------------------------------ Debian Security Advisory DSA-1758-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 30, 2009 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1748-1] New libsoup packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1748-1 [email protected] http://www.debian.org/security/ Steffen Joeris March 20, 2009 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1747-1 [email protected] http://www.debian.org/security/ Steffen Joeris March 20, 2009 http://www.debian.org/security/faq -...