CVE-2008-4126
PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...
Design/Logic Flaw
PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...
CVE-2008-4099
The CVE-2008-4099 entry concerns PyDNS (python-dns) in Debian GNU/Linux prior to 2.3.1-4, where DNS requests did not randomize source ports or transaction IDs. This omission facilitates spoofed DNS responses by remote attackers, representing a DNS cache-poisoning risk. Debian has updated the pack...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4126
Technical details for CVE-2008-4126 are not provided in the connected documents; the initial description summarizes the issue but no vendor/version/context is given here. Monitor for updates.
[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow
------------------------------------------------------------------------ Debian Security Advisory DSA-1637-1 [email protected] http://www.debian.org/security/ Devin Carraway September 15, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1634-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 01, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1624-1] New libxslt packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1624-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 31, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1619-1 [email protected] http://www.debian.org/security/ Devin Carraway July 27, 2008 http://www.debian.org/security/faq -...
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username...
Design/Logic Flaw
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username...
CVE-2008-3234
CVE-2008-3234 affects sshd in OpenSSH 4 on Debian GNU/Linux (and the 20070303 OpenSSH snapshot). The issue lets remote authenticated users gain access to arbitrary SELinux roles by appending a ":/" sequence followed by a role name to the username. The IBM X-Force/IBD IBM doc list the base score a...
[SECURITY] [DSA 1569-3] New cacti packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-1569-3 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 15, 2008 http://www.debian.org/security/faq -...
SOL8874 - OpenSSL packages contain a predictable random number generator - VU#925211
A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Information about this advisory is available at the following location:...
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities
---------------------------------------------------------------------- Debian Security Advisory DSA-1588-2 [email protected] http://www.debian.org/security/ dann frazier May 30, 2008 http://www.debian.org/security/faq - ----------------------------------------------------------------------...
[SECURITY] [DSA 1584-1] New libfissound packages fix execution of arbitrary code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1584-1 [email protected] http://www.debian.org/security/ Steve Kemp May 21, 2008 http://www.debian.org/security/faq -...