Section: .. / 0805-advisories /
| /// File Name: |
dsa-1576-2.txt |
Description:
|
Debian Security Advisory 1576-2 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in openssh 1:4.3p2-9etch1 (see DSA 1576-1). This could cause some compromised keys not to be listed in ssh-vulnkey's output.
| | Homepage: | http://www.debian.org/security | | File Size: | 11669 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 19 14:53:44 2008 |
| MD5 Checksum: | 99b2764eac7fd3255e11c28f7cd3f369 |
|
| /// File Name: |
sa30280.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for netpbm-free. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30280/ | | File Size: | 11456 | | Last Modified: | May 19 18:15:47 2008 |
| MD5 Checksum: | 9ff061b35d1111f6477f884169d63d02 |
|
| /// File Name: |
sa30113.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/30113/ | | File Size: | 11289 | | Last Modified: | May 7 20:31:38 2008 |
| MD5 Checksum: | a907e44da217ee762acc164099711232 |
|
| /// File Name: |
USN-608-1.txt |
Description:
|
Ubuntu Security Notice 608-1 - It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11178 | | Related CVE(s): | CVE-2008-1671 | | Last Modified: | May 6 19:11:14 2008 |
| MD5 Checksum: | d59d8585bfa28ce139cf8e4ff1045cad |
|
| /// File Name: |
sa30393.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libxslt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30393/ | | File Size: | 11073 | | Last Modified: | May 29 19:19:06 2008 |
| MD5 Checksum: | 0c609c229e9bb6133462546cc47499bd |
|
| /// File Name: |
glsa-200805-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-18 - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Versions less than 2.0.0.14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 11033 | | Related CVE(s): | CVE-2007-4879, CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241, CVE-2008-1380 | | Last Modified: | May 20 19:13:30 2008 |
| MD5 Checksum: | 6020894f441006219868b9bff9de2ca5 |
|
| /// File Name: |
dsa-1581-1.txt |
Description:
|
Debian Security Advisory 1581-1 - Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. A pre-authentication heap overflow involving oversized session resumption data may lead to arbitrary code execution. Repeated client hellos may result in a pre-authentication denial of service condition due to a null pointer dereference. Decoding cipher padding with an invalid record length may cause GNUTLS to read memory beyond the end of the received record, leading to a pre-authentication denial of service condition.
| | Homepage: | http://www.debian.org/security | | File Size: | 10769 | | Related CVE(s): | CVE-2008-1948, CVE-2008-1950, CVE-2008-1949 | | Last Modified: | May 20 16:42:16 2008 |
| MD5 Checksum: | 6e93f5ea4d61f973f00663bbeffaaacd |
|
| /// File Name: |
dsa-1582-1.txt |
Description:
|
Debian Security Advisory 1582-1 - Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 10654 | | Related CVE(s): | CVE-2008-2040 | | Last Modified: | May 20 16:42:50 2008 |
| MD5 Checksum: | d29044254726e8705bcaadf4fbcf48a3 |
|
| /// File Name: |
cisco-sa-20080521-cvp.txt |
Description:
|
Cisco Security Advisory - A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP) where an authenticated user can create, modify, or delete a superuser account. Cisco has released free software updates that address this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 10604 | | Related CVE(s): | CVE-2008-2053 | | Last Modified: | May 22 01:25:57 2008 |
| MD5 Checksum: | 6f0780f5806abaa21ce03090e3c779b9 |
|
| /// File Name: |
sa30320.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for peercast. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30320/ | | File Size: | 9851 | | Last Modified: | May 21 21:31:45 2008 |
| MD5 Checksum: | 6792b0c985eb1f19977c6bed98df918f |
|
| /// File Name: |
SSRT080071.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 9522 | | Related CVE(s): | CVE-2007-6026 | | Last Modified: | May 20 10:30:30 2008 |
| MD5 Checksum: | 98043204bdce4fad60e066367be30c8e |
|
| /// File Name: |
dsa-1586-1.txt |
Description:
|
Debian Security Advisory 1586-1 - Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file. Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file.
| | Homepage: | http://www.debian.org/security | | File Size: | 9354 | | Related CVE(s): | CVE-2008-1482, CVE-2008-1686, CVE-2008-1878 | | Last Modified: | May 22 19:50:45 2008 |
| MD5 Checksum: | 1c9f92bc85f505e380ecfca8fd866b8c |
|
| /// File Name: |
sa30249.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information and a security issue, which can lead to weak cryptographic key material.
| | Homepage: | http://secunia.com/advisories/30249/ | | File Size: | 9196 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | d82aa3e47952a11035cc9ebab8806ccb |
|
| /// File Name: |
sa30324.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gnutls13. This fixes some vulnerabilities, which can be exploited to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30324/ | | File Size: | 9166 | | Last Modified: | May 21 21:31:45 2008 |
| MD5 Checksum: | 389cc5dabe4cf3a3dc234bcc697ed0a9 |
|
| /// File Name: |
sa30042.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/30042/ | | File Size: | 9155 | | Last Modified: | May 8 13:30:50 2008 |
| MD5 Checksum: | f16c9b7a01299fcf42af03dfead23861 |
|
| /// File Name: |
AST-2008-007.txt |
Description:
|
Asterisk Project Security Advisory - Asterisk installations using cryptographic keys generated by Debian-based systems may be using a vulnerable implementation of OpenSSL.
| | Author: | Mark Michelson | | Homepage: | http://www.asterisk.org/security | | File Size: | 9119 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 22 12:01:18 2008 |
| MD5 Checksum: | b24f77b75cf9e5ce1ac37b7e1a6eb6e4 |
|
| /// File Name: |
MDVSA-2008-096.txt |
Description:
|
Mandriva Linux Security Advisory - Steve Grubb found that the vcdiff script in Emacs creates temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8840 | | Related CVE(s): | CVE-2008-1694 | | Last Modified: | May 6 19:15:29 2008 |
| MD5 Checksum: | 3a0ea4e3b1b58f64a7459c160c351863 |
|
| /// File Name: |
dsa-1584-1.txt |
Description:
|
Debian Security Advisory 1584-1 - It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 8702 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 22 01:47:44 2008 |
| MD5 Checksum: | f19fb5a9a9765a41edf16fe3a08f13ba |
|
| /// File Name: |
VMSA-2008-0008.txt |
Description:
|
VMware Security Advisory - Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line. VMware Workstation versions 6.0.3 and earlier, VMware Player versions 2.0.3 and earlier, VMware ACE versions 2.0.3 and earlier, and VMware Fusion versions 1.1.1 and earlier are affected.
| | Homepage: | http://www.vmware.com/ | | File Size: | 8582 | | Related CVE(s): | CVE-2008-2098, CVE-2008-2099 | | Last Modified: | May 31 15:21:44 2008 |
| MD5 Checksum: | 8ab3145bcbd39538f9eda637f8802930 |
|
| /// File Name: |
sa30353.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libfishsound. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30353/ | | File Size: | 8218 | | Last Modified: | May 23 18:43:31 2008 |
| MD5 Checksum: | 742ecf3cea64af63cdb0f400c3672875 |
|
| /// File Name: |
USN-612-6.txt |
Description:
|
Ubuntu Security Notice 612-6 - USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates. It was also found that openssl-vulnkey from openssl-blacklist would fail when stderr was not available. This caused OpenVPN to fail to start when used with applications such as NetworkManager. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8081 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:47:36 2008 |
| MD5 Checksum: | 1b121b32f5b219bf781da551ba98e314 |
|
| /// File Name: |
sa30430.txt |
Description:
|
Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
| | Homepage: | http://secunia.com/advisories/30430/ | | File Size: | 7942 | | Last Modified: | May 29 19:19:06 2008 |
| MD5 Checksum: | 34c123ffa90a5d0532479a0e9c2ff61b |
|
| /// File Name: |
sa30337.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30337/ | | File Size: | 7936 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | e6586e5b7d43c3925682a5d4e1fe2cc7 |
|
| /// File Name: |
MDVSA-2008-099.txt |
Description:
|
Mandriva Linux Security Advisory - A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick. Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7839 | | Related CVE(s): | CVE-2008-1096, CVE-2008-1097 | | Last Modified: | May 9 13:43:27 2008 |
| MD5 Checksum: | 80671fb91b231ddf51ff6f60aef286c4 |
|