Section: .. / 0608-advisories /
| /// File Name: |
dsa-1138-1.txt |
Description:
|
Debian Security Advisory 1138-1 - Carlo Contavalli discovered an integer overflow in CFS, a cryptographic filesystem, which allows local users to crash the encryption daemon.
| | Homepage: | http://www.debian.org/security | | File Size: | 4733 | | Related CVE(s): | CVE-2006-3123 | | Last Modified: | Aug 17 04:14:06 2006 |
| MD5 Checksum: | 2c6c6a33a868b45c29be06989fe6e121 |
|
| /// File Name: |
dsa-1139-1.txt |
Description:
|
Debian Security Advisory 1139-1 - It was discovered that the interpreter for the Ruby language does not properly maintain "safe levels" for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.
| | Homepage: | http://www.debian.org/security | | File Size: | 29384 | | Related CVE(s): | CVE-2006-3694 | | Last Modified: | Aug 17 04:48:48 2006 |
| MD5 Checksum: | 10060bee5ea1505e531710d0081f01f9 |
|
| /// File Name: |
dsa-1140-1.txt |
Description:
|
Debian Security Advisory 1140-1 - Evgeny Legerov discovered that overly large comments can crash gnupg.
| | Homepage: | http://www.debian.org/security | | File Size: | 4821 | | Related CVE(s): | CVE-2006-3746 | | Last Modified: | Aug 17 04:49:23 2006 |
| MD5 Checksum: | 891b77c9face00b999bcfcca482d1aff |
|
| /// File Name: |
dsa-1141-1.txt |
Description:
|
Debian Security Advisory 1141-1 - Evgeny Legerov discovered that overly large comments can crash gnupg, the GNU privacy guard.
| | Homepage: | http://www.debian.org/security | | File Size: | 8694 | | Related CVE(s): | CVE-2006-3746 | | Last Modified: | Aug 17 05:12:01 2006 |
| MD5 Checksum: | 00d390b185e3b3aab07fdbfecf595f61 |
|
| /// File Name: |
dsa-1142-1.txt |
Description:
|
Debian Security Advisory 1142-1 - Luigi Auriemma discovered missing boundary checks in freeciv, a clone of the well known Civilization game, which can be exploited by remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 9807 | | Related CVE(s): | CVE-2006-3913 | | Last Modified: | Aug 17 05:13:30 2006 |
| MD5 Checksum: | 291f48d2b008d9992b65551ab6fc692c |
|
| /// File Name: |
dsa-1143-1.txt |
Description:
|
Debian Security Advisory 1143-1 - Justin Winschief and Andrew Steets discovered a bug in dhcp, the DHCP server for automatic IP address assignment, which causes the server to unexpectedly exit.
| | Homepage: | http://www.debian.org/security | | File Size: | 8730 | | Related CVE(s): | CVE-2006-3122 | | Last Modified: | Aug 17 23:31:01 2006 |
| MD5 Checksum: | d97d24ce3aad6863d5c66bba6cf11dc8 |
|
| /// File Name: |
dsa-1144-1.txt |
Description:
|
Debian Security Advisory 1144-1 - It was discovered that one of the utilities shipped with chmlib, a library for dealing with Microsoft CHM files, performs insufficient sanitizing of filenames, which might lead to directory traversal.
| | Homepage: | http://www.debian.org/security | | File Size: | 8660 | | Related CVE(s): | CVE-2006-3178 | | Last Modified: | Aug 18 01:10:20 2006 |
| MD5 Checksum: | 4ff00f44e8a6a01c73ffa3096274ec62 |
|
| /// File Name: |
dsa-1145-1.txt |
Description:
|
Debian Security Advisory 1145-1 - Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 13565 | | Related CVE(s): | CVE-2005-4745, CVE-2006-4746 | | Last Modified: | Aug 18 01:24:11 2006 |
| MD5 Checksum: | f7b7e545b82b72d82c85a53069c7b316 |
|
| /// File Name: |
dsa-1146-1.txt |
Description:
|
Debian Security Advisory 1146-1 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success, and these calls may fail with some PAM configurations. A local user could exploit one of these vulnerabilities to escalate privileges. No exploit code is known to exist at this time.
| | Homepage: | http://www.debian.org/security | | File Size: | 22414 | | Related CVE(s): | CVE-2006-3083, CVE-2006-3084 | | Last Modified: | Aug 26 20:23:46 2006 |
| MD5 Checksum: | 6a843f8da829224cf6024f840f325fbd |
|
| /// File Name: |
dsa-1147-1.txt |
Description:
|
Debian Security Advisory 1147-1 - Ayman Hourieh discovered that Drupal, a dynamic website platform, performs insufficient input sanitizing in the user module, which might lead to cross-site scripting.
| | Homepage: | http://www.debian.org/security | | File Size: | 2815 | | Related CVE(s): | CVE-2006-4002 | | Last Modified: | Aug 26 20:54:39 2006 |
| MD5 Checksum: | 24a337793321b63e9afafa2dc798ba26 |
|
| /// File Name: |
dsa-1149-1.txt |
Description:
|
Debian Security Advisory 1149-1 - Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data.
| | Homepage: | http://www.debian.org/security | | File Size: | 5048 | | Related CVE(s): | CVE-2006-1168 | | Last Modified: | Aug 26 21:31:54 2006 |
| MD5 Checksum: | f8c277bfbb31ea8808a6d99d7d270a26 |
|
| /// File Name: |
dsa-1150-1.txt |
Description:
|
Debian Security Advisory 1150-1 - A bug has been discovered in several packages that execute the setuid() system call without checking for success when trying to drop privileges, which may fail with some PAM configurations.
| | Homepage: | http://www.debian.org/security | | File Size: | 6768 | | Related CVE(s): | CVE-2006-2194 | | Last Modified: | Aug 26 23:03:57 2006 |
| MD5 Checksum: | 7152a20ff09ddbdc8f6deec67fa0fc8a |
|
| /// File Name: |
dsa-1151-1.txt |
Description:
|
Debian Security Advisory 1151-1 - Yan Rong Ge discovered out-of-boundary memory access in heartbeat, the subsystem for High-Availability Linux. This could be used by a remote attacker to cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 16934 | | Related CVE(s): | CVE-2006-3121 | | Last Modified: | Aug 27 01:39:04 2006 |
| MD5 Checksum: | ef03585e33afbacbb8a0d7baf24c8902 |
|
| /// File Name: |
dsa-1152-1.txt |
Description:
|
Debian Security Advisory 1152-1 - Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well.
| | Homepage: | http://www.debian.org/security | | File Size: | 4844 | | Related CVE(s): | CVE-2006-3695 | | Last Modified: | Aug 27 15:12:39 2006 |
| MD5 Checksum: | 0aa527bb2de7594fb877669290333e51 |
|
| /// File Name: |
dsa-1153-1.txt |
Description:
|
Debian Security Advisory 1153-1 - Damian Put discovered a heap overflow vulnerability in the UPX unpacker of the ClamAV anti-virus toolkit which could allow remote attackers to execute arbitrary code or cause denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 15443 | | Related CVE(s): | CVE-2006-4018 | | Last Modified: | Aug 27 15:30:27 2006 |
| MD5 Checksum: | a4be7326c0ef768583539a022d1bf2f3 |
|
| /// File Name: |
dsa-1154-1.txt |
Description:
|
Debian Security Advisory 1154-1 - James Bercegay of GulfTech Security Research discovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or write the preferences or attachment files of other users.
| | Homepage: | http://www.debian.org/security | | File Size: | 2934 | | Related CVE(s): | CVE-2006-4019 | | Last Modified: | Aug 27 17:17:16 2006 |
| MD5 Checksum: | 83baddbcee5acf74265777ca92416171 |
|
| /// File Name: |
dsa-1155-1.txt |
Description:
|
Debian Security Advisory 1155-1 - Frank Sheiness discovered that a MIME conversion routine in sendmail, a powerful, efficient, and scalable mail transport agent, could be tricked by a specially crafted mail to perform an endless recursion.
| | Homepage: | http://www.debian.org/security | | File Size: | 13583 | | Related CVE(s): | CVE-2006-1173 | | Last Modified: | Aug 27 20:20:55 2006 |
| MD5 Checksum: | 6c196000dd646710160eb41ddd2d2ea7 |
|
| /// File Name: |
dsa-1156-1.txt |
Description:
|
Debian Security Advisory 1156-1 - Ludwig Nussel discovered that kdm, the X display manager for KDE, handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack.
| | Homepage: | http://www.debian.org/security | | File Size: | 57452 | | Related CVE(s): | CVE-2006-2449 | | Last Modified: | Aug 28 01:38:21 2006 |
| MD5 Checksum: | 652f694967b462111c997d267010f378 |
|
| /// File Name: |
dsa-1157-1.txt |
Description:
|
Debian Security Advisory 1157-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 22183 | | Related CVE(s): | CVE-2006-3694, CVE-2006-1931 | | Last Modified: | Aug 28 01:39:26 2006 |
| MD5 Checksum: | 9ccfc5ff9ada485c3c359e6a278a8227 |
|
| /// File Name: |
dsa-1158-1.txt |
Description:
|
Debian Security Advisory 1158-1 - Ulf Harnhammer from the Debian Security Audit Project discovered that streamripper, a utility to record online radio-streams, performs insufficient sanitizing of data received from the streaming server, which might lead to buffer overflows and the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5344 | | Related CVE(s): | CVE-2006-3124 | | Last Modified: | Aug 28 01:40:15 2006 |
| MD5 Checksum: | bfdc0e21a43ba53f28e2452f84a210e5 |
|
| /// File Name: |
dsa-1162-1.txt |
Description:
|
Debian Security Advisory 1162-1 - Luigi Auriemma discovered several buffer overflows in libmusicbrainz, a CD index library, that allow remote attackers to cause a denial of service or execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 21572 | | Related CVE(s): | CVE-2006-4197 | | Last Modified: | Aug 30 04:32:32 2006 |
| MD5 Checksum: | 53e8cc44b8d6412f584b363836fa6393 |
|