DSA-2474 ikiwiki – cross-site scripting

May 19, 2012 · Posted in Debian

Raúl Benencia discovered that ikiwiki, a wiki compiler, does not
properly escape the author (and its URL) of certain metadata, such as
comments. This might be used to conduct cross-site scripting attacks.

Debian Security

DSA-2475 openssl – integer underflow

May 18, 2012 · Posted in Debian

It was discovered that openssl did not correctly handle explicit
Initialization Vectors for CBC encryption modes, as used in TLS 1.1,
TLS 1.2, and DTLS. An incorrect calculation would lead to an integer
underflow and incorrect memory access, causing denial of service
(application crash).

Debian Security

DSA-2473 openoffice.org – buffer overflow

May 17, 2012 · Posted in Debian

Tielei Wang discovered that OpenOffice.org does not allocate a large
enough memory region when processing a specially crafted JPEG object,
leading to a heap-based buffer overflow and potentially arbitrary code
execution.

Debian Security

DSA-2465 php5 – several vulnerabilities

May 16, 2012 · Posted in Debian

De Eindbazen discovered that PHP, when run with mod_cgi, will
interpret a query string as command line parameters, allowing the
execution of arbitrary code.

Debian Security

DSA-2466 rails – cross site scripting

May 15, 2012 · Posted in Debian

Sergey Nartimov discovered that in Rails, a Ruby-based framework for
web development, when developers generate HTML option tags manually,
user input concatenated with the manually built tags may not be escaped,
so an attacker can inject arbitrary HTML into the document.

Debian Security

DSA-2471 ffmpeg – several vulnerabilities

May 14, 2012 · Posted in Debian

Several vulnerabilities have been discovered in FFmpeg, a multimedia
player, server and encoder. Multiple input validation flaws in the
decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora,
Matroska, Vorbis, Sony ATRAC3, DV and NSV files could lead to the
execution of arbitrary code.

Debian Security

Updated Debian 6.0: 6.0.5 released

May 14, 2012 · Posted in Debian

The Debian project is pleased to announce the fifth update of its
stable distribution Debian (codename ).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.

Debian News

DSA-2467 mahara – insecure defaults

May 13, 2012 · Posted in Debian

It was discovered that Mahara, the portfolio, weblog, and resume builder,
had an insecure default with regard to SAML-based authentication used
with more than one SAML identity provider. Someone with control over one
IdP could impersonate users from other IdPs.

Debian Security

DSA-2470 wordpress – several vulnerabilities

May 12, 2012 · Posted in Debian

Several vulnerabilities were identified in WordPress, a web blogging
tool. As the CVEs were allocated from release announcements and the
specific fixes are usually not identified, it has been decided to
upgrade the wordpress package to the latest upstream version instead
of backporting the patches.

Debian Security

DSA-2469 linux-2.6 – privilege escalation/denial of service

May 11, 2012 · Posted in Debian

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

Debian Security
