

NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

1486 replies to this topic

#76 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,503 posts

Posted 15 December 2009 - 06:23 PM

Updates Debian Lenny

Package        : expat
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-3560
Debian Bug     : 560901

~Eric

#77 OFFLINE   V.T. Eric Layton


Posted 16 December 2009 - 02:10 PM

Updates Debian Lenny

Package        : cacti
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Ids        : CVE-2007-3112 CVE-2007-3113 CVE-2009-4032
Debian Bugs    : 429224

Package        : network-manager/network-manager-applet
Vulnerability  : information disclosure
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2009-0365
Debian Bug     : 519801

~Eric

#78 OFFLINE   V.T. Eric Layton


Posted 16 December 2009 - 07:48 PM

Updates Debian Lenny

Package        : xulrunner
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979

~Eric

#79 OFFLINE   V.T. Eric Layton


Posted 19 December 2009 - 02:33 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1959-1                  security@debian.org
http://www.debian.org/security/                         Raphael Geissert
December 19, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ganeti
Vulnerability  : missing input sanitation
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-4261

It was discovered that ganeti, a virtual server cluster manager, does
not validate the path of scripts passed as arguments to certain
commands, which allows local or remote users (via the web interface in
versions 2.x) to execute arbitrary commands on a host acting as a
cluster master.

~Eric

#80 OFFLINE   V.T. Eric Layton


Posted 20 December 2009 - 03:16 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1960-1                  security@debian.org
http://www.debian.org/security/                         Raphael Geissert
December 19, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : acpid
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2009-4235

It was discovered that acpid, the Advanced Configuration and Power
Interface event daemon, on the oldstable distribution (etch) creates
its log file with weak permissions, which might expose sensible
information or might be abused by a local user to consume all free disk
space on the same partition of the file.

~Eric

#81 OFFLINE   V.T. Eric Layton


Posted 23 December 2009 - 03:51 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1962                    security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
December 23, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kvm
Vulnerability  : several vulnerabilities
Problem type   : local
Debian-specific: no
Debian bugs    : 557739 562075 562076
CVE Ids        : CVE-2009-3638 CVE-2009-3722 CVE-2009-4031

Several vulnerabilities have been discovered in kvm, a full virtualization system.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2009-3638

It was discovered an Integer overflow in the kvm_dev_ioctl_get_supported_cpuid
function. This allows local users to have an unspecified impact via a
KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.

CVE-2009-3722

It was discovered that the handle_dr function in the KVM subsystem does not
properly verify the Current Privilege Level (CPL) before accessing a debug
register, which allows guest OS users to cause a denial of service (trap) on the
host OS via a crafted application.

CVE-2009-4031

It was discovered that the do_insn_fetch function in the x86 emulator in the KVM
subsystem tries to interpret instructions that contain too many bytes to be
valid, which allows guest OS users to cause a denial of service (increased
scheduling latency) on the host OS via unspecified manipulations related to SMP
support.

~Eric

#82 OFFLINE   V.T. Eric Layton


Posted 28 December 2009 - 03:45 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1957-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
December 28, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : aria2
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2009-3575
Debian Bug     : 551070

It was discovered that aria2, a high speed download utility, is prone
to a buffer overflow in the DHT routing code, which might lead to the
execution of arbitrary code.

~Eric

#83 OFFLINE   V.T. Eric Layton


Posted 29 December 2009 - 05:03 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1958-1                  security@debian.org
http://www.debian.org/security/                         Raphael Geissert
December 29, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libtool
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2009-3736

It was discovered that ltdl, a system-independent dlopen wrapper for
GNU libtool, can be tricked to load and run modules from an arbitrary
directory, which might be used to execute arbitrary code with the
privileges of the user running an application that uses libltdl.

~Eric

#84 OFFLINE   V.T. Eric Layton


Posted 31 December 2009 - 04:35 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1953-2                  security@debian.org
http://www.debian.org/security/                           Stefan Fritsch
December 31, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : expat
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-3560
Debian Bug     : 560901 561658

The expat updates released in DSA-1953-1 caused a regression: In some
cases, expat would abort with the message "error in processing external
entity reference".

~Eric

#85 OFFLINE   V.T. Eric Layton


Posted 06 January 2010 - 05:04 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1965                    security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
January 06, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : phpldapadmin
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
Debian bug     : 561975
CVE Id         : CVE-2009-4427

It was discovered that phpLDAPadmin, a web based interface for administering
LDAP servers, doesn't sanitize an internal variable, which allows remote
attackers to include and execute arbitrary local files.

~Eric

#86 OFFLINE   V.T. Eric Layton


Posted 07 January 2010 - 07:46 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1966-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
January 07, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : horde3
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Ids        : CVE-2009-3237 CVE-2009-3701 CVE-2009-4363

Several vulnerabilities have been found in horde3, the horde web application
framework. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-3237

It has been discovered that horde3 is prone to cross-site scripting
attacks via crafted number preferences or inline MIME text parts when
using text/plain as MIME type.
For lenny this issue was already fixed, but as an additional security
precaution, the display of inline text was disabled in the configuration
file.

CVE-2009-3701

It has been discovered that the horde3 administration interface is prone
to cross-site scripting attacks due to the use of the PHP_SELF variable.
This issue can only be exploited by authenticated administrators.

CVE-2009-4363

It has been discovered that horde3 is prone to several cross-site
scripting attacks via crafted data:text/html values in HTML messages.

=====

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1967-q                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
January 07, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : transmission
Vulnerability  : directory traversal
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-0012

Dan Rosenberg discovered that Transmission, a lightweight client for
the Bittorrent filesharing protocol performs insufficient sanitising
of file names specified in .torrent files. This could lead to the
overwrite of local files with the privileges of the user running
Transmission if the user is tricked into opening a malicious torrent
file.

~Eric

#87 OFFLINE   V.T. Eric Layton


Posted 12 January 2010 - 08:13 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1969-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
January 12, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : krb5
Vulnerability  : integer underflow
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2009-4212
Debian Bug     : none

It was discovered that krb5, a system for authenticating users and services on a
network, is prone to integer underflow in the AES and RC4 decryption operations of
the crypto library. A remote attacker can cause crashes, heap corruption, or,
under extraordinarily unlikely conditions, arbitrary code execution.

~Eric

#88 OFFLINE   V.T. Eric Layton


Posted 14 January 2010 - 01:30 AM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1970-1                  security@debian.org
http://www.debian.org/security/                           Stefan Fritsch
January 13, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : openssl
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-4355

It was discovered that a significant memory leak could occur in openssl,
related to the reinitialization of zlib. This could result in a remotely
exploitable denial of service vulnerability when using the Apache httpd
server in a configuration where mod_ssl, mod_php5, and the php5-curl
extension are loaded.

The old stable distribution (etch) is not affected by this issue.

~Eric

#89 OFFLINE   V.T. Eric Layton


Posted 15 January 2010 - 10:56 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1971-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
January 15, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libthai
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2009-4012

Tim Starling discovered that libthai, a set of Thai language support routines,
is vulnerable to integer/heap overflow.
This vulnerability could allow an attacker to run arbitrary code by sending a very
long string.

~Eric

#90 OFFLINE   V.T. Eric Layton


Posted 17 January 2010 - 08:03 PM

Updates Debian Lenny

- -------------------------------------------------------------------------
Debian Security Advisory DSA-1972-1                  security@debian.org
http://www.debian.org/security/                           Stefan Fritsch
January 17, 2010                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : audiofile
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2008-5824
Debian bug     : 510205

Max Kellermann discovered a heap-based buffer overflow in the handling
of ADPCM WAV files in libaudiofile. This flaw could result in a denial
of service (application crash) or possibly execution of arbitrary code
via a crafted WAV file.

~Eric

#91 OFFLINE   V.T. Eric Layton


Posted 19 January 2010 - 07:05 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1973-1                  security@debian.org
http://www.debian.org/security/                           Aurelien Jarno
January 19, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : glibc, eglibc
Vulnerability  : information disclosure
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2010-0015
Debian Bug     : 560333

Christoph Pleger has discovered that the GNU C Library (aka glibc) and
its derivatives add information from the passwd.adjunct.byname map to
entries in the passwd map, which allows local users to obtain the
encrypted passwords of NIS accounts by calling the getpwnam function.

~Eric

#92 OFFLINE   V.T. Eric Layton


Posted 20 January 2010 - 05:47 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1974-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
January 20, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : gzip
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2009-2624 CVE-2010-0001
Debian Bug     : 507263

Several vulnerabilities have been found in gzip, the GNU compression
utilities. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-2624

Thiemo Nagel discovered a missing input sanitation flaw in the way gzip
used to decompress data blocks for dynamic Huffman codes, which could
lead to the execution of arbitrary code when trying to decompress a
crafted archive. This issue is a reappearance of CVE-2006-4334 and only
affects the lenny version.

CVE-2010-0001

Aki Helin discovered an integer underflow when decompressing files that
are compressed using the LZW algorithm. This could lead to the execution
of arbitrary code when trying to decompress a crafted LZW compressed
gzip archive.

~Eric

#93 OFFLINE   V.T. Eric Layton


Posted 20 January 2010 - 05:49 PM

***IMPORTANT NOTICE***

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1975-1                  security@debian.org
http://www.debian.org/security/                           Stefan Fritsch
January 20, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Security Support for Debian GNU/Linux 4.0 to be discontinued on
February 15th

One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and
nearly three years after the release of Debian GNU/Linux 4.0 alias
'etch' the security support for the old distribution (4.0 alias
'etch') is coming to an end next month.  The Debian project is proud
to be able to support its old distribution for such a long time and
even for one year after a new version has been released.

The Debian project has released Debian GNU/Linux 5.0 alias 'lenny' on
the 14th of February 2009.  Users and Distributors have been given a
one-year timeframe to upgrade their old installations to the current
stable release.  Hence, the security support for the old release of
4.0 is going to end in February 2010 as previously announced.

Previously announced security updates for the old release will continue
to be available on security.debian.org.

~Eric

#94 OFFLINE   V.T. Eric Layton


Posted 21 January 2010 - 08:13 PM

Updates Debian Lenny

- -------------------------------------------------------------------------
Debian Security Advisory DSA-1972-2                  security@debian.org
http://www.debian.org/security/                           Stefan Fritsch
January 21, 2010                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : audiofile
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2008-5824
Debian bug     : 510205

This advisory adds the packages for the old stable distribution (etch),
with the exception of the mips packages. The updates for the mips
architecture will be released when they become available.

The packages for the stable distribution (lenny) have been released
in DSA-1972-1. For reference, the advisory text is provided below.

Max Kellermann discovered a heap-based buffer overflow in the handling
of ADPCM WAV files in libaudiofile. This flaw could result in a denial
of service (application crash) or possibly execution of arbitrary code
via a crafted WAV file.

~Eric

#95 OFFLINE   V.T. Eric Layton


Posted 22 January 2010 - 10:52 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1976-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
January 22, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : dokuwiki
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
Debian bugs    : 565406
CVE Ids        : CVE-2010-0287 CVE-2010-0288 CVE-2010-0289

Several vulnerabilities have been discovered in dokuwiki, a standards compliant
simple to use wiki.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2010-0287

It was discovered that an internal variable is not properly sanitized before
being used to list directories. This can be exploited to list contents of
arbitrary directories.

CVE-2010-0288

It was discovered that the ACL Manager plugin doesn't properly check the
administrator permissions. This allows an attacker to introduce arbitrary ACL
rules and thus gain access to a closed Wiki.

CVE-2010-0289

It was discovered that the ACL Manager plugin doesn't have protections against
cross-site request forgeries (CSRF). This can be exploited to change the
access control rules by tricking a logged in administrator into visiting
a malicious web site.

~Eric

#96 OFFLINE   V.T. Eric Layton


Posted 25 January 2010 - 06:20 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1977-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
January 25, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Packages       : python2.4 python2.5
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2008-2316 CVE-2009-3560 CVE-2009-3720
Debian Bug     : 493797 560912 560913

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy
in the interpreter for the Python language, does not properly process malformed or
crafted XML files. (CVE-2009-3560 CVE-2009-3720)
This vulnerability could allow an attacker to cause a denial of service while parsing
a malformed XML file.

In addition, this update fixes an integer overflow in the hashlib module in python2.5.
This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)
It only affects the oldstable distribution (etch).

~Eric

#97 OFFLINE   V.T. Eric Layton


Posted 26 January 2010 - 06:05 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1978-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
January 26, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2009-4414 CVE-2009-4415 CVE-2009-4416

Several remote vulnerabilities have been discovered in phpgroupware, a
Web based groupware system written in PHP. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2009-4414

    An SQL injection vulnerability was found in the authentication
    module.

CVE-2009-4415

    Multiple directory traversal vulnerabilities were found in the
    addressbook module.

CVE-2009-4416

    The authentication module is affected by cross-site scripting.

~Eric

#98 OFFLINE   V.T. Eric Layton


Posted 28 January 2010 - 02:18 AM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1979-1                  security@debian.org
http://www.debian.org/security/                         Raphael Geissert
January 27, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : lintian
Vulnerability  : multiple
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2009-4013 CVE-2009-4014 CVE-2009-4015

Multiple vulnerabilities have been discovered in lintian,
a Debian package checker. The following Common Vulnerabilities and
Exposures project ids have been assigned to identify them:

CVE-2009-4013: missing control files sanitation

    Control field names and values were not sanitised before using them
    in certain operations that could lead to directory traversals.
    Patch systems' control files were not sanitised before using them
    in certain operations that could lead to directory traversals.
    An attacker could exploit these vulnerabilities to overwrite
    arbitrary files or disclose system information.

CVE-2009-4014: format string vulnerabilities

    Multiple check scripts and the Lintian::Schedule module were using
    user-provided input as part of the sprintf/printf format string.

CVE-2009-4015: arbitrary command execution

    File names were not properly escaped when passing them as arguments
    to certain commands, allowing the execution of other commands as
    pipes or as a set of shell commands.

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1980-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
January 27, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ircd-hybrid/ircd-ratbox
Vulnerability  : integer underflow/denial of service
Problem type   : remote
Debian-specific: no
CVE Ids        : CVE-2009-4016 CVE-2010-0300

David Leadbeater discovered an integer underflow that could be triggered
via the LINKS command and can lead to a denial of service or the
execution of arbitrary code (CVE-2009-4016). This issue affects both,
ircd-hybrid and ircd-ratbox.

It was discovered that the ratbox IRC server is prone to a denial of
service attack via the HELP command. The ircd-hybrid package is not
vulnerable to this issue (CVE-2010-0300).

~Eric

#99 OFFLINE   V.T. Eric Layton


Posted 28 January 2010 - 02:26 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1981-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
January 28, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : maildrop
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id         : No CVE id yet
Debian Bug     : 564601

Christoph Anton Mitterer discovered that maildrop, a mail delivery agent
with filtering abilities, is prone to a privilege escalation issue that
grants a user root group privileges.

~Eric

#100 OFFLINE   V.T. Eric Layton


Posted 30 January 2010 - 07:27 PM

Updates Debian Lenny

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1984-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
January 30, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Packages       : libxerces2-java
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-2625
Debian Bug     : 548358

It was discovered that libxerces2-java, a validating XML parser for Java,
does not properly process malformed XML files.
This vulnerability could allow an attacker to cause a denial of service while parsing
a malformed XML file.

~Eric




