debian

DSA-1695 ruby1.8, ruby1.9 - memory leak

The regular expression engine of Ruby, a scripting language, contains a
memory leak which can be triggered remotely under certain circumstances,
leading to a denial of service condition (CVE-2008-3443).

DSA-1694 xterm - design flaw

Paul Szabo discovered that xterm, a terminal emulator for the X Window
System, places arbitrary characters into the input buffer when
displaying certain crafted escape sequences (CVE-2008-2383).

DSA-1693 phppgadmin - several vulnerabilities

Several remote vulnerabilities have been discovered in phpPgAdmin, a tool
to administer PostgreSQL databases over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

DSA-1692 php-xajax - insufficient input sanitising

It was discovered that php-xajax, a library to develop Ajax
applications, did not sufficiently sanitise URLs, which allows attackers
to perform cross-site scripting attacks by using malicious URLs.

DSA-1691 moodle - several vulnerabilities

Several remote vulnerabilities have been discovered in Moodle, an online
course management system. The following issues are addressed in this
update, ranging from cross-site scripting to remote code execution.

DSA-1690 avahi - assert errors

Two denial of service conditions were discovered in avahi, a Multicast
DNS implementation.

DSA-1689 proftpd-dfsg - missing input validation

Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is
vulnerable to cross-site request forgery (CSRF) attacks and executes
arbitrary FTP commands via a long ftp:// URI that leverages an
existing session from the FTP client implementation in a web browser.

DSA-1688 courier-authlib - SQL injection

Two SQL injection vulnerabilities have been found in courier-authlib,
the Courier authentication library. The MySQL database interface used
insufficient escaping mechanisms when constructing SQL statements,
leading to SQL injection vulnerabilities if certain charsets are used
(CVE-2008-2380). A similar issue affects the PostgreSQL database
interface (CVE-2008-2667).

DSA-1687 linux-2.6 - denial of service/privilege escalation

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

DSA-1686 no-ip - buffer overflow

A buffer overflow has been discovered in the HTTP parser of the No-IP.com
Dynamic DNS update client, which may result in the execution of arbitrary
code.
