Debian.org - Debian Security Advisories

DSA-2399 php5 - several vulnerabilities

31.01.2012 16:15 Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:

DSA-2397 icu - buffer underflow

31.01.2012 03:15 It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.

DSA-2398 curl - several vulnerabilities

31.01.2012 03:15 Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-2396 qemu-kvm - buffer underflow

28.01.2012 03:45 Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.

DSA-2395 wireshark - buffer underflow

28.01.2012 03:45 Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code .

DSA-2394 libxml2 - several vulnerabilities

27.01.2012 08:15 Many security problems have been fixed in libxml2, a popular library to handle XML data files.

DSA-2393 bip - buffer overflow

25.01.2012 23:45 Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy which may allow arbitrary code execution by remote users.

DSA-2392 openssl - out-of-bounds read

24.01.2012 05:15 Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.

DSA-2391 phpmyadmin - several vulnerabilities

22.01.2012 20:45 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-2389 linux-2.6 - privilege escalation/denial of service/information leak

16.01.2012 12:00 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-2390 openssl - several vulnerabilities

16.01.2012 02:15 Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

DSA-2388 t1lib - several vulnerabilities

15.01.2012 19:45 Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts.

DSA-2386 openttd - several vulnerabilities

12.01.2012 04:00 Several vulnerabilities have been discovered in OpenTTD, a transport business simulation game. Multiple buffer overflows and off-by-one errors allow remote attackers to cause denial of service.

DSA-2387 simplesamlphp - insufficient input sanitation

12.01.2012 00:45 timtai1 discovered that simpleSAMLphp, an authentication and federation platform, is vulnerable to a cross site scripting attack, allowing a remote attacker to access sensitive client data.

DSA-2385 pdns - packet loop

11.01.2012 15:00 Ray Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.