Section: .. / 0706-advisories /
| /// File Name: |
dsa-1302-1.txt |
Description:
|
Debian Security Advisory 1302-1 - A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
| | Homepage: | http://www.debian.org/security | | File Size: | 10432 | | Related CVE(s): | CVE-2007-2754 | | Last Modified: | Jun 10 20:46:12 2007 |
| MD5 Checksum: | 5907cad571cca0c3ac6d607a3b51841a |
|
| /// File Name: |
dsa-1303-1.txt |
Description:
|
Debian Security Advisory 1303-1 - Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 14835 | | Related CVE(s): | CVE-2007-1870, CVE-2007-1869 | | Last Modified: | Jun 10 20:45:19 2007 |
| MD5 Checksum: | 53b93cc320f665f7b4307e46d491a35a |
|
| /// File Name: |
dsa-1304-1.txt |
Description:
|
Debian Security Advisory 1304-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 34109 | | Related CVE(s): | CVE-2005-4811, CVE-2006-4814, CVE-2006-4623, CVE-2006-5753, CVE-2006-5754, CVE-2006-5757, CVE-2006-6053, CVE-2006-6056, CVE-2006-6060, CVE-2006-6106, CVE-2006-6535, CVE-2007-0958, CVE-2007-1357, CVE-2007-1592 | | Last Modified: | Jun 19 14:39:52 2007 |
| MD5 Checksum: | 1d8a803d6cd25a9ae00f96aa85c482a1 |
|
| /// File Name: |
dsa-1307-1.txt |
Description:
|
Debian Security Advisory 1307-1 - John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 51808 | | Related CVE(s): | CVE-2007-0245 | | Last Modified: | Jun 12 21:06:55 2007 |
| MD5 Checksum: | 2979f28b859b37269bf3d9b44968dcb7 |
|
| /// File Name: |
dsa-1309-1.txt |
Description:
|
Debian Security Advisory 1309-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so-called "security definers", which could lead to SQL privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 28160 | | Related CVE(s): | CVE-2007-2138 | | Last Modified: | Jun 19 16:21:31 2007 |
| MD5 Checksum: | df58f5754151ca2c00c2769afcaf62f8 |
|
| /// File Name: |
dsa-1310-1.txt |
Description:
|
Debian Security Advisory 1310-1 - A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
| | Homepage: | http://www.debian.org/security | | File Size: | 6495 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 19 16:23:52 2007 |
| MD5 Checksum: | c012f8241627391e730ed9ce2f70a62e |
|
| /// File Name: |
dsa-1311-1.txt |
Description:
|
Debian Security Advisory 1311-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so-called "security definers", which could lead to SQL privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 32964 | | Related CVE(s): | CVE-2007-2138 | | Last Modified: | Jun 19 16:35:57 2007 |
| MD5 Checksum: | eefad625b43958f3ae0784c74aeb5931 |
|
| /// File Name: |
dsa-1312-1.txt |
Description:
|
Debian Security Advisory 1312-1 - It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.
| | Homepage: | http://www.debian.org/security | | File Size: | 10270 | | Related CVE(s): | CVE-2007-1860 | | Last Modified: | Jun 20 00:20:21 2007 |
| MD5 Checksum: | 70d5798b6f48581fdbb7d154013012ca |
|
| /// File Name: |
dsa-1313-1.txt |
Description:
|
Debian Security Advisory 1313-1 - Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie player performs insufficient boundary checks when accessing CDDB data, which might lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4991 | | Related CVE(s): | CVE-2007-2948 | | Last Modified: | Jun 20 01:05:58 2007 |
| MD5 Checksum: | 87c7c2e84d54f3cccbadcc1604519ab1 |
|
| /// File Name: |
dsa-1314-1.txt |
Description:
|
Debian Security Advisory 1314-1 - Several local and remote vulnerabilities have been discovered in open-iscsi, a transport-independent iSCSI implementation. Olaf Kirch discovered that, due to a programming error, access to the management interface socket was insufficiently protected, which allows denial of service. He also discovered that access to a semaphore used in the logging code was insufficiently protected, allowing denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 5228 | | Related CVE(s): | CVE-2007-3099, CVE-2007-3100 | | Last Modified: | Jun 20 01:10:38 2007 |
| MD5 Checksum: | ecc345e3ad4eeca7fb2d34a3c8c14dba |
|
| /// File Name: |
dsa-1315-1.txt |
Description:
|
Debian Security Advisory 1315-1 - Thor Larholm discovered that libphp-phpmailer, an email transfer class for PHP, performs insufficient input validation if configured to use Sendmail. This allows the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 3016 | | Related CVE(s): | CVE-2007-3215 | | Last Modified: | Jun 21 14:33:39 2007 |
| MD5 Checksum: | 692f0bc4b19f0e5ec187abf3effdab85 |
|
| /// File Name: |
dsa-1316.txt |
Description:
|
Debian Security Advisory 1316-1 - It has been discovered that emacs, the GNU Emacs editor, will crash when processing certain types of images.
| | Homepage: | http://www.debian.org/security | | File Size: | 8679 | | Related CVE(s): | CVE-2007-2833 | | Last Modified: | Jun 26 15:58:01 2007 |
| MD5 Checksum: | b779f8ecf103d889e688ab54cc3f0a8d |
|
| /// File Name: |
dsa-1317.txt |
Description:
|
Debian Security Advisory 1317-1 - duskwave discovered that tinymux, a text-based multi-user virtual world server, performs insufficient boundary checks when working with user-supplied data, which might lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4841 | | Related CVE(s): | CVE-2007-1655 | | Last Modified: | Jun 26 17:41:30 2007 |
| MD5 Checksum: | e2639f7c9260ea07902f3721e4b1483d |
|
| /// File Name: |
dsa-1320-1.txt |
Description:
|
Debian Security Advisory 1320-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. It was discovered that the NsPack decompression code performed insufficient sanitizing on an internal length variable, resulting in a potential buffer overflow. It was discovered that temporary files were created with insecure permissions, resulting in information disclosure. It was discovered that the decompression code for RAR archives allows bypassing a scan of a RAR archive due to insufficient validity checks. It was discovered that the decompression code for RAR archives performs insufficient validation of header values, resulting in a buffer overflow.
| | Homepage: | http://www.debian.org/security | | File Size: | 29332 | | Related CVE(s): | CVE-2007-2650, CVE-2007-3023, CVE-2007-3024, CVE-2007-3122, CVE-2007-3123 | | Last Modified: | Jun 26 17:45:06 2007 |
| MD5 Checksum: | 27fe60fe32214a09a227280b1444c8ae |
|
| /// File Name: |
dsa-1323-1.txt |
Description:
|
Debian Security Advisory 1323-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 34760 | | Related CVE(s): | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798 | | Last Modified: | Jun 29 01:37:00 2007 |
| MD5 Checksum: | 9675f44fcc9ff2e27cb29ebe574700e6 |
|
| /// File Name: |
dsa-1324-1.txt |
Description:
|
Debian Security Advisory 1324-1 - Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 2861 | | Related CVE(s): | CVE-2007-2836 | | Last Modified: | Jun 29 01:37:55 2007 |
| MD5 Checksum: | 26452761f9201daaca406d4d078f4dc5 |
|
| /// File Name: |
dsa-1325-1.txt |
Description:
|
Debian Security Advisory 1325-1 - Ulf Harnhammer discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code. It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitizing of a value later used as an array index, which can lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 15941 | | Related CVE(s): | CVE-2007-1002, CVE-2007-3257 | | Last Modified: | Jun 29 22:59:09 2007 |
| MD5 Checksum: | 94a262ab5007fe2d9720a0ad3ddfeb4d |
|
| /// File Name: |
EEYE-Yahoo.txt |
Description:
|
eEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x.
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | Related Exploit: | ym1.txt | | File Size: | 5124 | | Last Modified: | Jun 10 20:28:35 2007 |
| MD5 Checksum: | 8e62e5ea987627c89d6cf20460ac4e00 |
|
| /// File Name: |
elxis-sql.txt |
Description:
|
Elxis CMS versions 2006.4 and below suffer from a SQL injection vulnerability.
| | Author: | Nico Leidecker | | File Size: | 1878 | | Last Modified: | Jun 14 23:12:31 2007 |
| MD5 Checksum: | 27a45dcd948db61da36c9cdaaae72831 |
|