442 matches found

securityvulns
added 2008/02/26 12:0 a.m. | 73 views

[SECURITY] [DSA 1507-1] New turba2 packages fix permission testing

Debian Security Advisory DSA-1507-1 | http://www.debian.org/security/ | Steve Kemp | February 24, 2008 | http://www.debian.org/security/faq ...

CVSS 4.9 | AI score 1 | EPSS 0.00678
Exploits: 0

Tenable Nessus
added 2008/02/25 12:0 a.m. | 32 views

Debian DSA-1507-1 : turba2 - programming error

Peter Paul Elfferich discovered that turba2, a contact management component for horde framework, did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records.

CVSS 4.9 | AI score 5.3 | EPSS 0.00678
Exploits: 0 | References: 3

Tenable Nessus
added 2008/02/25 12:0 a.m. | 29 views

Debian DSA-1501-1 : dspam - programming error

Tobias Grutzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line. This allowed a local attacker to read the contents of the dspam database, such as emails.

CVSS 2.1 | AI score 5.4 | EPSS 0.00052
Exploits: 0 | References: 3

Debian
added 2008/02/21 9:20 p.m. | 21 views

[SECURITY] [DSA 1501-1] New dspam packages fix information disclosure

Debian Security Advisory DSA-1501-1 | http://www.debian.org/security/ | Thijs Kinkhorst | February 21, 2008 | http://www.debian.org/security/faq ...

CVSS 2.1 | AI score 6.1 | EPSS 0.00052
Exploits: 0

Tenable Nessus
added 2008/02/06 12:0 a.m. | 28 views

Debian DSA-1482-1 : squid - programming error

It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service.

CVSS 5 | AI score 5.3 | EPSS 0.08998
Exploits: 2 | References: 2

Debian
added 2008/02/05 10:40 p.m. | 29 views

[SECURITY] [DSA 1482-1] New squid packages fix denial of service

Debian Security Advisory DSA-1482-1 | http://www.debian.org/security/ | Moritz Muehlenhoff | February 05, 2008 | http://www.debian.org/security/faq ...

CVSS 5 | AI score 6.2 | EPSS 0.08998
Exploits: 2

OSV
added 2008/02/05 12:0 a.m. | 18 views

DSA-1482-1 squid - programming error

Bulletin has no description...

CVSS 5 | AI score 6.2 | EPSS 0.08998
Exploits: 2

Tenable Nessus
added 2008/01/29 12:0 a.m. | 18 views

Debian DSA-1476-1 : pulseaudio - programming error

Marcus Meissner discovered that the PulseAudio sound server performed insufficient checks when dropping privileges, which could lead to local privilege escalation.

CVSS 7.2 | AI score 5.2 | EPSS 0.0005
Exploits: 1 | References: 2

Tenable Nessus
added 2008/01/18 12:0 a.m. | 22 views

Debian DSA-1465-2 : apt-listchanges - programming error

Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to...

CVSS 7.2 | AI score 5.7 | EPSS 0.00077
Exploits: 0 | References: 2

Debian
added 2008/01/17 2:38 p.m. | 19 views

[SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution

Debian Security Advisory DSA-1465-1 | http://www.debian.org/security/ | Steve Kemp | January 17, 2008 | http://www.debian.org/security/faq ...

CVSS 7.2 | AI score 6.4 | EPSS 0.00077
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m. | 26 views

Debian Security Advisory DSA 1164-1 (sendmail)

The remote host is missing an update to sendmail announced via advisory DSA 1164-1. A programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message...

CVSS 5 | AI score 7.4 | EPSS 0.07028
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m. | 11 views

Debian: Security Advisory (DSA-927-1)

The remote host is missing an update for the Debian...

CVSS 4.6 | AI score 6.7 | EPSS 0.00073
Exploits: 0 | References: 3

OpenVAS
added 2008/01/17 12:0 a.m. | 12 views

Debian: Security Advisory (DSA-1288-1)

The remote host is missing an update for the Debian...

CVSS 5 | AI score 6.7 | EPSS 0.03649
Exploits: 0 | References: 3

securityvulns
added 2008/01/17 12:0 a.m. | 44 views

[SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution

Debian Security Advisory DSA-1465-2 | http://www.debian.org/security/ | Steve Kemp | January 17, 2008 | http://www.debian.org/security/faq ...

CVSS 7.2 | AI score 0.8 | EPSS 0.00077
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m. | 14 views

Debian: Security Advisory (DSA-1288-1)

The remote host is missing an update for the Debian...

CVSS 5 | AI score 6.5 | EPSS 0.03649
Exploits: 0 | References: 2

OpenVAS
added 2008/01/17 12:0 a.m. | 8 views

Debian Security Advisory DSA 1365-1 (id3lib3.8.3)

The remote host is missing an update to id3lib3.8.3 announced via advisory DSA 1365-1. This VT has been deprecated and merged into the VT...

CVSS 7.2 | AI score 6.4 | EPSS 0.00091
Exploits: 1 | References: 1

Tenable Nessus
added 2008/01/14 12:0 a.m. | 25 views

Debian DSA-1458-1 : openafs - programming error

A race condition in the OpenAFS fileserver allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the hostglock lock...

CVSS 4.3 | AI score 5.4 | EPSS 0.01514
Exploits: 1 | References: 2

Tenable Nessus
added 2008/01/10 12:0 a.m. | 22 views

Debian DSA-1456-1 : fail2ban - programming error

Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address.

CVSS 6.8 | AI score 5.4 | EPSS 0.12111
Exploits: 0 | References: 2

Tenable Nessus
added 2008/01/10 12:0 a.m. | 27 views

Debian DSA-1457-1 : dovecot - programming error

It was discovered that Dovecot, a POP3 and IMAP server, only when used with LDAP authentication and 'base' contains variables, could allow a user to log in to the account of another user with the same password...

CVSS 6.8 | AI score 5.3 | EPSS 0.02525
Exploits: 0 | References: 2

Tenable Nessus
added 2008/01/07 12:0 a.m. | 28 views

Debian DSA-1449-1 : loop-aes-utils - programming error

It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

CVSS 7.2 | AI score 5.3 | EPSS 0.00101
Exploits: 0 | References: 2