| /// File Name: |
dsa-1605-1.txt |
Description:
|
Debian Security Advisory 1605-1 - Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS spoofing and cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
| | Homepage: | http://www.debian.org/security | | File Size: | 2359 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 10 02:24:58 2008 |
| MD5 Checksum: | 21c2647a22a7ca9c73899fa03d092b39 |
|
| /// File Name: |
dsa-1606-1.txt |
Description:
|
Debian Security Advisory 1606-1 - It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object.
| | Homepage: | http://www.debian.org/security | | File Size: | 14402 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Jul 10 04:15:47 2008 |
| MD5 Checksum: | 8e803d53553829c84b5d56c5b03e1971 |
|
| /// File Name: |
dsa-1607-1.txt |
Description:
|
Debian Security Advisory 1607-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
| | Homepage: | http://www.debian.org/security | | File Size: | 10844 | | Related CVE(s): | CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 11 18:09:38 2008 |
| MD5 Checksum: | bbb8961bff35f4acaf5a236fb2ad6fa0 |
|
| /// File Name: |
dsa-1608-1.txt |
Description:
|
Debian Security Advisory 1608-1 - Sergei Golubchik discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it (under proper conditions) prevent two databases from using the same paths for data or index files. This permits an authenticated user with authorization to create tables in one database to read, write or delete data from tables subsequently created in other databases, regardless of other GRANT authorizations.
| | Homepage: | http://www.debian.org/security | | File Size: | 13777 | | Related CVE(s): | CVE-2008-2079 | | Last Modified: | Jul 14 20:51:55 2008 |
| MD5 Checksum: | c3744708947638838c41045af52ff9a5 |
|
| /// File Name: |
dsa-1609-1.txt |
Description:
|
Debian Security Advisory 1609-1 - Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.
| | Homepage: | http://www.debian.org/security | | File Size: | 12697 | | Related CVE(s): | CVE-2008-0983, CVE-2007-3948 | | Last Modified: | Jul 15 18:29:13 2008 |
| MD5 Checksum: | d5fa018fca4cff4c04e9d55217912eb0 |
|
| /// File Name: |
dsa-1610-1.txt |
Description:
|
Debian Security Advisory 1610-1 - It was discovered that gaim, a multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 7838 | | Related CVE(s): | CVE-2008-2927 | | Last Modified: | Jul 15 18:29:36 2008 |
| MD5 Checksum: | 513c6db488f5e76c826ad67226948f43 |
|
| /// File Name: |
dsa-1611-1.txt |
Description:
|
Debian Security Advisory 1611-1 - Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem.
| | Homepage: | http://www.debian.org/security | | File Size: | 5021 | | Related CVE(s): | CVE-2008-2232 | | Last Modified: | Jul 16 20:04:36 2008 |
| MD5 Checksum: | 667d150cda2558de83b99a4350f259eb |
|
| /// File Name: |
dsa-1613-1.txt |
Description:
|
Debian Security Advisory 1613-1 - Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following three issues:
| | Homepage: | http://www.debian.org/security | | File Size: | 13291 | | Related CVE(s): | CVE-2007-3476, CVE-2007-3477, CVE-2007-3996, CVE-2007-2445 | | Last Modified: | Jul 22 13:59:59 2008 |
| MD5 Checksum: | f8c950a3139d1a9b9ffb7c36183f28f7 |
|
| /// File Name: |
dsa-1614-1.txt |
Description:
|
Debian Security Advisory 1614-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing a URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 8712 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 23 19:49:36 2008 |
| MD5 Checksum: | 357a585f8c33728c1e761bc85d365a57 |
|
| /// File Name: |
dsa-1615-1.txt |
Description:
|
Debian Security Advisory 1615-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
| | Homepage: | http://www.debian.org/security | | File Size: | 31926 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811, CVE-2008-2933 | | Last Modified: | Jul 23 19:50:15 2008 |
| MD5 Checksum: | 814da2c25fb7c7e932ae2c2849d21d29 |
|
| /// File Name: |
dsa-1616-1.txt |
Description:
|
Debian Security Advisory 1616-1 - Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
| | Homepage: | http://www.debian.org/security | | File Size: | 16558 | | Related CVE(s): | CVE-2008-2713 | | Last Modified: | Jul 24 12:14:46 2008 |
| MD5 Checksum: | aedebbf953275b7079e71948199d5566 |
|
| /// File Name: |
dsa-1616-2.txt |
Description:
|
Debian Security Advisory 1616-2 - This update corrects a packaging and build error in the packages released in DSA-1616-1. Those packages, while functional, did not actually apply the fix intended. This update restores the fix to the package build; no other changes are introduced. Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
| | Homepage: | http://www.debian.org/security | | File Size: | 17117 | | Related CVE(s): | CVE-2008-2713 | | Last Modified: | Jul 28 11:26:50 2008 |
| MD5 Checksum: | ceabffda6d4cb45cef97943d6e18bd28 |
|
| /// File Name: |
dsa-1617-1.txt |
Description:
|
Debian Security Advisory 1617-1 - In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below.
| | Homepage: | http://www.debian.org/security | | File Size: | 5335 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 25 14:20:30 2008 |
| MD5 Checksum: | 1f7434c7ae5c8345c7101b841bffb229 |
|
| /// File Name: |
dsa-1619-1.txt |
Description:
|
Debian Security Advisory 1619-1 - Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.
| | Homepage: | http://www.debian.org/security | | File Size: | 3638 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 28 11:27:39 2008 |
| MD5 Checksum: | bc5cc0626a47ff39888e21678e8ff28c |
|
| /// File Name: |
dsa-1622-1.txt |
Description:
|
Debian Security Advisory 1622-1 - It was discovered that newsx, an NNTP news exchange utility, was affected by a buffer overflow allowing remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
| | Homepage: | http://www.debian.org/security | | File Size: | 5164 | | Related CVE(s): | CVE-2008-3252 | | Last Modified: | Jul 31 11:25:37 2008 |
| MD5 Checksum: | 7e6b4117b4a1322d1a46f601df9eabba |
|
| /// File Name: |
dsa-1623-1.txt |
Description:
|
Debian Security Advisory 1623-1 - Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
| | Homepage: | http://www.debian.org/security | | File Size: | 5056 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 31 18:22:45 2008 |
| MD5 Checksum: | 6c21c0b2905b253f6123daa1f6688d8d |
|
| /// File Name: |
dsa-1624-1.txt |
Description:
|
Debian Security Advisory 1624-1 - Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11623 | | Related CVE(s): | CVE-2008-2935 | | Last Modified: | Jul 31 18:23:26 2008 |
| MD5 Checksum: | f7e4269ba78b527d3e435c79ffc498bb |
|
| /// File Name: |
emule-disclose.txt |
Description:
|
eMule version 0.49 appears to disclose OS user names and paths.
| | Author: | Carl Hardwick | | File Size: | 673 | | Last Modified: | Jul 14 23:00:19 2008 |
| MD5 Checksum: | abc3bcd4f77b346748548a21b86bc2eb |
|
| /// File Name: |
f5firepass-dos.txt |
Description:
|
The F5 FirePass 1200 SSL VPN appliance version 6.0.2 Hotfix 3 contains a denial of service vulnerability in the SNMP daemon.
| | Author: | nnposter | | File Size: | 597 | | Last Modified: | Jul 9 21:43:06 2008 |
| MD5 Checksum: | f202f532f3909089f1a5f78e0fcace08 |
|
| /// File Name: |
facebook-inject.txt |
Description:
|
Multiple Facebook script insertion vulnerabilities have been recently discovered.
| | Author: | Jouko Pynnonen | | Homepage: | http://iki.fi/jouko | | File Size: | 4678 | | Last Modified: | Jul 9 21:27:17 2008 |
| MD5 Checksum: | 90ab81a70a18711008cf9faf9aced85a |
|
| /// File Name: |
FGA-2008-16-2.txt |
Description:
|
EMC Dantz Retrospect 7 backup Client 7.5.116 suffers from a NULL pointer reference denial of service vulnerability.
| | Author: | Zhenhua Liu | | Homepage: | http://www.fortinet.com/ | | File Size: | 2475 | | Last Modified: | Jul 21 18:04:08 2008 |
| MD5 Checksum: | 812c10b6dc3e756242463147b8c58022 |
|