Section: .. / 0605-advisories /
| /// File Name: |
dsa-1051-1.txt |
Description:
|
Debian Security Advisory 1051-1 - Several security related problems have been discovered in Mozilla Thunderbird. This advisory addresses those issues.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security | | File Size: | 22370 | | Related CVE(s): | CVE-2005-2353, CVE-2005-4134, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1045, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790 | | Last Modified: | May 6 17:02:29 2006 |
| MD5 Checksum: | 4f79a008194185391d4a9f470c3c33c6 |
|
| /// File Name: |
dsa-1052-1.txt |
Description:
|
Debian Security Advisory 1052-1 - Several buffer overflows have been discovered in cgiirc, a web-based IRC client, which could be exploited to execute arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security | | File Size: | 4893 | | Related CVE(s): | CVE-2006-2148 | | Last Modified: | May 9 16:29:56 2006 |
| MD5 Checksum: | cac61ad22493469ada90f1144f547884 |
|
| /// File Name: |
dsa-1053-1.txt |
Description:
|
Debian Security Advisory 1053-1: Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code.
| | Homepage: | http://www.debian.org/security | | File Size: | 28516 | | Last Modified: | May 17 17:28:05 2006 |
| MD5 Checksum: | b89d621eb35fb1218928e4ab6c4fd50f |
|
| /// File Name: |
dsa-1054-1.txt |
Description:
|
Debian Security Advisory 1054-1: Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 19150 | | Last Modified: | May 17 17:28:11 2006 |
| MD5 Checksum: | 83edbc442ba1306150ceebfc94545213 |
|
| /// File Name: |
dsa-1055-1.txt |
Description:
|
Debian Security Advisory 1055-1: Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code. Since Mozilla and Firefox share the same codebase, Firefox may be vulnerable as well.
| | Homepage: | http://www.debian.org/security | | File Size: | 9759 | | Last Modified: | May 17 17:28:21 2006 |
| MD5 Checksum: | 9e95b667ea22add79d8851fe29784077 |
|
| /// File Name: |
dsa-1056-1.txt |
Description:
|
Debian Security Advisory 1056-1: David Maciejak noticed that webcalendar, a PHP-based multi-user calendar, returns different error messages on login attempts for an invalid password and a non-existing user, allowing remote attackers to gain information about valid usernames.
| | Homepage: | http://www.debian.org/security | | File Size: | 3020 | | Last Modified: | May 17 17:28:28 2006 |
| MD5 Checksum: | 8df6312e2ed5b0ea238931182afddd37 |
|
| /// File Name: |
dsa-1057-1.txt |
Description:
|
Debian Security Advisory 1057-1: Several cross-site scripting vulnerabilities have been discovered in phpLDAPadmin, a web-based interface for administering LDAP servers, that allow remote attackers to inject arbitrary web script or HTML.
| | Homepage: | http://www.debian.org/security | | File Size: | 3060 | | Last Modified: | May 17 17:28:33 2006 |
| MD5 Checksum: | fc64431d29c0b48e67395cb80bb302fa |
|
| /// File Name: |
dsa-1058-1.txt |
Description:
|
Debian Security Advisory 1058-1 - Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 2954 | | Related CVE(s): | CVE-2006-2237 | | Last Modified: | May 22 02:06:42 2006 |
| MD5 Checksum: | 2ecbc7810e4691fd5e14f8c47d4c35b8 |
|
| /// File Name: |
dsa-1060-1.txt |
Description:
|
Debian Security Advisory 1060-1 - Jan Rekorajski discovered that the kernel patch for virtual private servers does not limit context capabilities to the root user within the virtual server, which might lead to privilege escalation for some virtual server specific operations.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 2933 | | Related CVE(s): | CVE-2006-2110 | | Last Modified: | May 22 02:21:07 2006 |
| MD5 Checksum: | 6963d7926e2fd2d1ee74bbae2788a8b5 |
|
| /// File Name: |
dsa-1061-1.txt |
Description:
|
Debian Security Advisory 1061-1 - It has been discovered that popfile, a bayesian mail classifier, can be forced into a crash through malformed character sets within email messages, which allows denial of service.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 2938 | | Related CVE(s): | CVE-2006-0876 | | Last Modified: | May 22 02:22:00 2006 |
| MD5 Checksum: | eb2b0f3eb650023054d39450753b3bf6 |
|
| /// File Name: |
dsa-1062-1.txt |
Description:
|
Debian Security Advisory 1062-1 - Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a configuration file world-readable, which could leak sensitive information like SIP passwords.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 5008 | | Related CVE(s): | CVE-2006-2442 | | Last Modified: | May 22 02:22:36 2006 |
| MD5 Checksum: | 840ceff171d8f41a3d0336be165a3218 |
|
| /// File Name: |
dsa-1063-1.txt |
Description:
|
Debian Security Advisory 1063-1 - It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 20533 | | Related CVE(s): | CVE-2005-2781 | | Last Modified: | May 22 02:23:17 2006 |
| MD5 Checksum: | e2122d52cbe1ea7831ab4eeb8ff4f911 |
|
| /// File Name: |
dsa-1064-1.txt |
Description:
|
Debian Security Advisory 1064-1 - Jason Duell discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 7584 | | Related CVE(s): | CVE-2004-2541 | | Last Modified: | May 22 02:24:52 2006 |
| MD5 Checksum: | 760b7c5c025a3fd2ea392dadf8b9609c |
|
| /// File Name: |
dsa-1065-1.txt |
Description:
|
Debian Security Advisory 1065-1 - Matteo Rosi and Leonardo Maccari discovered that hostapd, a wifi network authenticator daemon, performs insufficient boundary checks on a key length value, which might be exploited to crash the service.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 4987 | | Related CVE(s): | CVE-2006-2213 | | Last Modified: | May 22 02:25:41 2006 |
| MD5 Checksum: | 703b95d47d5c83f72f9de44ecd56d174 |
|
| /// File Name: |
dsa-1066-1.txt |
Description:
|
Debian Security Advisory 1066-1 - It was discovered that phpbb2, a web-based bulletin board, insufficiently sanitizes values passed to the "Font Colour 3" setting, which might lead to the execution of injected code by admin users.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 3263 | | Related CVE(s): | CVE-2006-1896 | | Last Modified: | May 22 02:26:42 2006 |
| MD5 Checksum: | c3a55058b0ccee6680de14151d208c1b |
|
| /// File Name: |
dsa-1067-1.txt |
Description:
|
Debian Security Advisory 1067-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Author: | Martin Schulze, Dann Frazier | | Homepage: | http://www.debian.org/security/ | | File Size: | 9383 | | Related CVE(s): | CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2005-0528, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135 | | Last Modified: | May 22 02:29:12 2006 |
| MD5 Checksum: | 42387c7d775a6d17cce7ac7fc2c024c9 |
|
| /// File Name: |
dsa-1068-1.txt |
Description:
|
Debian Security Advisory 1068-1 - Jan Braun discovered that the fbgs script of fbi, an image viewer for the framebuffer environment, creates a directory in a predictable manner, which allows denial of service through symlink attacks.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 9054 | | Related CVE(s): | CVE-2006-1695 | | Last Modified: | May 22 02:30:38 2006 |
| MD5 Checksum: | acb638b27457f63bb932542b52fcab0f |
|
| /// File Name: |
dsa-1069-1.txt |
Description:
|
Debian Security Advisory 1069-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Author: | Martin Schulze, Dann Frazier | | Homepage: | http://www.debian.org/security/ | | File Size: | 6938 | | Related CVE(s): | CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2005-0528, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135 | | Last Modified: | May 22 02:33:40 2006 |
| MD5 Checksum: | 0624ddb0d704e2264ed8dac627c7b9c6 |
|
| /// File Name: |
dsa-1070-1.txt |
Description:
|
Debian Security Advisory 1070-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Author: | Martin Schulze, Dann Frazier | | Homepage: | http://www.debian.org/security/ | | File Size: | 10473 | | Related CVE(s): | CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2005-0528, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135 | | Last Modified: | May 22 02:34:27 2006 |
| MD5 Checksum: | 1a87ad816468b3802b21395a8e39d989 |
|
| /// File Name: |
dsa-1072-1.txt |
Description:
|
Debian Security Advisory 1072-1 - A buffer overflow has been discovered in nagios, a host, service and network monitoring and management system, that could be exploited by remote attackers to execute arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9657 | | Related CVE(s): | CVE-2006-2162, CVE-2006-2489 | | Last Modified: | May 24 04:57:49 2006 |
| MD5 Checksum: | ebd79c18dbc8b912fc337a0efc62dfd3 |
|
| /// File Name: |
dsa-1074-1.txt |
Description:
|
Debian Security Advisory 1074-1: A. Alejandro Hernández discovered a vulnerability in mpg123, a command-line player for MPEG audio files. Insufficient validation of MPEG 2.0 layer 3 files results in several buffer overflows.
| | Homepage: | http://www.debian.org/security | | File Size: | 5045 | | Last Modified: | May 25 23:01:27 2006 |
| MD5 Checksum: | ba9c5d5f1c4d243e99ba3f640d3a651c |
|
| /// File Name: |
dsa-1075-1.txt |
Description:
|
Debian Security Advisory 1075-1: Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web server runs as when users are allowed to supply arbitrary configuration files. Even though this bug was accidentally referenced in DSA 1058, it was not fixed yet.
| | Homepage: | http://www.debian.org/security | | File Size: | 3189 | | Last Modified: | May 29 03:38:48 2006 |
| MD5 Checksum: | ac4a8ef7ad9eb83121f837629984afa1 |
|