442 matches found
Debian DSA-860-1 : ruby - programming error
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...
Debian DSA-849-1 : shorewall - programming error
'Supernaut' noticed that shorewall, the Shoreline Firewall, could generate an iptables configuration which is significantly more permissive than the rule set given in the shorewall configuration, if MAC verification is used in a non-default manner. When MACLIST_DISPOSITION is set to ACCEPT in the...
DSA-849-1 shorewall - programming error
Bulletin has no description...
[SECURITY] [DSA 845-1] New mason packages fix missing init script
Debian Security Advisory DSA 845-1 security@debian.org http://www.debian.org/security/ Martin Schulze October 6th, 2005 http://www.debian.org/security/faq -...
Debian DSA-844-1 : mod-auth-shadow - programming error
A vulnerability in mod_auth_shadow, an Apache module that lets users perform HTTP authentication against /etc/shadow, has been discovered. The module runs for all locations that use the 'require group' directive which would bypass access restrictions controlled by another authorisation mechanism,...
Debian DSA-815-1 : kdebase - programming error
Ilja van Sprundel discovered a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access.
[SECURITY] [DSA 815-1] New kdebase packages fix local root vulnerability
Debian Security Advisory DSA 815-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 16th, 2005 http://www.debian.org/security/faq -...
DSA-815-1 kdebase - programming error
Bulletin has no description...
[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
Debian Security Advisory DSA 803-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 8th, 2005 http://www.debian.org/security/faq -...
Debian DSA-801-1 : ntp - programming error
SuSE developers discovered that ntp confuses the given group id with the group id of the given user when called with a group id on the command line that is specified as a string and not as a numeric gid, which causes ntpd to run with different privileges than intended.
Debian DSA-790-1 : phpldapadmin - programming error
Alexander Gerasiov discovered that phpldapadmin, a web-based interface for administering LDAP servers, allows anybody to access the LDAP server anonymously, even if this is disabled in the configuration with the 'disable_anon_bind' statement. The old stable distribution woody is not vulnerable to...
Debian DSA-794-1 : polygen - programming error
Justin Rye noticed that polygen generates precompiled grammar objects world-writable, which can be exploited by a local attacker to at least fill up the filesystem.
[SECURITY] [DSA 801-1] New ntp packages fix group id confusion
Debian Security Advisory DSA 801-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 5th, 2005 http://www.debian.org/security/faq -...
DSA-801-1 ntp - programming error
Bulletin has no description...
[SECURITY] [DSA 794-1] New polygen packages fix denial of service
Debian Security Advisory DSA 794-1 security at debian dot org http://www.debian.org/security/ Martin Schulze September 1st, 2005...
[SECURITY] [DSA 794-1] New polygen packages fix denial of service
Debian Security Advisory DSA 794-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 1st, 2005 http://www.debian.org/security/faq -...