Security advisories from 2004

[31.12.2004] DSA-621 cupsys - buffer overflow
[30.12.2004] DSA-620 perl - insecure temporary files / directories
[30.12.2004] DSA-619 xpdf - buffer overflow
[24.12.2004] DSA-618 imlib - buffer overflow, integer overflows
[24.12.2004] DSA-617 tiff - insufficient input validation
[23.12.2004] DSA-616 netkit-telnet-ssl - format string
[22.12.2004] DSA-615 debmake - insecure temporary file
[21.12.2004] DSA-614 xzgv - integer overflows
[21.12.2004] DSA-613 ethereal - infinite loop
[20.12.2004] DSA-612 a2ps - unsanitised input
[20.12.2004] DSA-611 htget - buffer overflow
[17.12.2004] DSA-610 cscope - insecure temporary file
[14.12.2004] DSA-609 atari800 - buffer overflow
[14.12.2004] DSA-608 zgv - integer overflows, unsanitised input
[10.12.2004] DSA-607 xfree86 - several vulnerabilities
[08.12.2004] DSA-606 nfs-utils - wrong signal handler
[06.12.2004] DSA-605 viewcvs - settings not honored
[03.12.2004] DSA-604 hpsockd - missing input sanitising
[01.12.2004] DSA-603 openssl - insecure temporary file
[29.11.2004] DSA-602 libgd2 - integer overflow
[29.11.2004] DSA-601 libgd - integer overflow
[07.10.2004] DSA-600 samba - arbitrary file access
[25.11.2004] DSA-599 tetex-bin - integer overflows
[25.11.2004] DSA-598 yardradius - buffer overflow
[25.11.2004] DSA-597 cyrus-imapd - buffer overflow
[24.11.2004] DSA-596 sudo - missing input sanitising
[24.11.2004] DSA-595 bnc - buffer overflow
[17.11.2004] DSA-594 apache - buffer overflows
[16.11.2004] DSA-593 imagemagick - buffer overflow
[12.11.2004] DSA-592 ez-ipupdate - format string
[09.11.2004] DSA-591 libgd2 - integer overflows
[09.11.2004] DSA-590 gnats - format string vulnerability
[09.11.2004] DSA-589 libgd1 - integer overflows
[08.11.2004] DSA-588 gzip - insecure temporary files
[08.11.2004] DSA-587 freeamp - buffer overflow
[08.11.2004] DSA-586 ruby - infinite loop
[05.11.2004] DSA-585 shadow - programming error
[04.11.2004] DSA-584 dhcp - format string vulnerability
[03.11.2004] DSA-583 lvm10 - insecure temporary directory
[02.11.2004] DSA-582 libxml - buffer overflow
[02.11.2004] DSA-581 xpdf - integer overflows
[01.11.2004] DSA-580 iptables - missing initialisation
[01.11.2004] DSA-579 abiword - buffer overflow
[01.11.2004] DSA-578 mpg123 - buffer overflow
[29.10.2004] DSA-577 postgresql - insecure temporary file
[29.10.2004] DSA-576 squid - several vulnerabilities
[28.10.2004] DSA-575 catdoc - insecure temporary file
[28.10.2004] DSA-574 cabextract - missing directory sanitising
[21.10.2004] DSA-573 cupsys - integer overflows
[21.10.2004] DSA-572 ecartis - several vulnerabilities
[20.10.2004] DSA-571 libpng3 - buffer overflows, integer overflow
[20.10.2004] DSA-570 libpng - integer overflow
[18.10.2004] DSA-569 netkit-telnet-ssl - invalid free(3)
[16.10.2004] DSA-568 cyrus-sasl-mit - unsanitised input
[15.10.2004] DSA-567 tiff - heap overflows
[14.10.2004] DSA-566 cupsys - unsanitised input
[13.10.2004] DSA-565 sox - buffer overflow
[13.10.2004] DSA-564 mpg123 - missing user input sanitising
[14.10.2004] DSA-563 cyrus-sasl - unsanitised input
[11.10.2004] DSA-562 mysql - several vulnerabilities
[11.10.2004] DSA-561 xfree86 - integer and stack overflows
[07.10.2004] DSA-560 lesstif1-1 - integer and stack overflows
[06.10.2004] DSA-559 net-acct - insecure temporary file
[06.10.2004] DSA-558 libapache-mod-dav - null pointer dereference
[04.10.2004] DSA-557 rp-pppoe - missing privilege dropping
[18.10.2004] DSA-556 netkit-telnet - invalid free(3)
[30.09.2004] DSA-555 freenet6 - wrong file permissions
[27.09.2004] DSA-554 sendmail - pre-set password
[27.09.2004] DSA-553 getmail - symlink vulnerability
[22.09.2004] DSA-552 imlib2 - unsanitised input
[21.09.2004] DSA-551 lukemftpd - incorrect internal variable handling
[20.09.2004] DSA-550 wv - buffer overflow
[17.09.2004] DSA-549 gtk+ - several vulnerabilities
[16.09.2004] DSA-548 imlib - unsanitised input
[16.09.2004] DSA-547 imagemagick - buffer overflows
[16.09.2004] DSA-546 gdk-pixbuf - several vulnerabilities
[15.09.2004] DSA-545 cupsys - denial of service
[14.09.2004] DSA-544 webmin - insecure temporary directory
[31.08.2004] DSA-543 krb5 - several vulnerabilities
[30.08.2004] DSA-542 qt - unsanitised input
[24.08.2004] DSA-541 icecast-server - missing escape
[18.08.2004] DSA-540 mysql - insecure file creation
[17.08.2004] DSA-539 kdelibs - temporary directory vulnerability
[17.08.2004] DSA-538 rsync - unsanitised input processing
[16.08.2004] DSA-537 ruby - insecure file permissions
[04.08.2004] DSA-536 libpng - several vulnerabilities
[02.08.2004] DSA-535 squirrelmail - several vulnerabilities
[22.07.2004] DSA-534 mailreader - directory traversal
[22.07.2004] DSA-533 courier - cross-site scripting
[27.07.2004] DSA-532 libapache-mod-ssl - several vulnerabilities
[20.07.2004] DSA-531 php4 - several vulnerabilities
[17.07.2004] DSA-530 l2tpd - buffer overflow
[17.07.2004] DSA-529 netkit-telnet-ssl - format string
[17.07.2004] DSA-528 ethereal - denial of service
[03.07.2004] DSA-527 pavuk - buffer overflow
[03.07.2004] DSA-526 webmin - several vulnerabilities
[24.06.2004] DSA-525 apache - buffer overflow
[19.06.2004] DSA-524 rlpr - several vulnerabilities
[19.06.2004] DSA-523 www-sql - buffer overflow
[19.06.2004] DSA-522 super - format string vulnerability
[18.06.2004] DSA-521 sup - format string vulnerability
[16.06.2004] DSA-520 krb5 - buffer overflows
[15.06.2004] DSA-519 cvs - several vulnerabilities
[14.06.2004] DSA-518 kdelibs - unsanitised input
[10.06.2004] DSA-517 cvs - buffer overflow
[07.06.2004] DSA-516 postgresql - buffer overflow
[05.06.2004] DSA-515 lha - several vulnerabilities
[04.06.2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
[03.06.2004] DSA-513 log2mail - format string
[02.06.2004] DSA-512 gallery - unauthenticated access
[30.05.2004] DSA-511 ethereal - buffer overflows
[29.05.2004] DSA-510 jftpgw - format string
[29.05.2004] DSA-509 gatos - privilege escalation
[22.05.2004] DSA-508 xpcd - buffer overflow
[19.05.2004] DSA-507 cadaver - buffer overflow
[19.05.2004] DSA-506 neon - buffer overflow
[19.05.2004] DSA-505 cvs - heap overflow
[18.05.2004] DSA-504 heimdal - missing input sanitising
[13.05.2004] DSA-503 mah-jong - missing argument check
[11.05.2004] DSA-502 exim-tls - buffer overflow
[07.05.2004] DSA-501 exim - buffer overflow
[01.05.2004] DSA-500 flim - insecure temporary file
[02.06.2004] DSA-499 rsync - directory traversal
[30.04.2004] DSA-498 libpng - out of bound access
[29.04.2004] DSA-497 mc - several vulnerabilities
[29.04.2004] DSA-496 eterm - missing input sanitising
[26.04.2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
[21.04.2004] DSA-494 ident2 - buffer overflow
[21.04.2004] DSA-493 xchat - buffer overflow
[18.04.2004] DSA-492 iproute - denial of service
[17.04.2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
[17.04.2004] DSA-490 zope - arbitrary code execution
[17.04.2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
[16.04.2004] DSA-488 logcheck - insecure temporary directory
[16.04.2004] DSA-487 neon - format string
[16.04.2004] DSA-486 cvs - several vulnerabilities
[14.04.2004] DSA-485 ssmtp - format string
[14.04.2004] DSA-484 xonix - failure to drop privileges
[14.04.2004] DSA-483 mysql - insecure temporary file creation
[14.04.2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
[14.04.2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
[14.04.2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
[14.04.2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
[06.04.2004] DSA-478 tcpdump - denial of service
[06.04.2004] DSA-477 xine-ui - insecure temporary file creation
[06.04.2004] DSA-476 heimdal - cross-realm
[05.04.2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
[03.04.2004] DSA-474 squid - ACL bypass
[03.04.2004] DSA-473 oftpd - denial of service
[03.04.2004] DSA-472 fte - several vulnerabilities
[02.04.2004] DSA-471 interchange - missing input sanitising
[01.04.2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
[29.03.2004] DSA-469 pam-pgsql - missing input sanitising
[24.03.2004] DSA-468 emil - several vulnerabilities
[23.03.2004] DSA-467 ecartis - several vulnerabilities
[18.03.2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
[17.03.2004] DSA-465 openssl - several vulnerabilities
[16.03.2004] DSA-464 gdk-pixbuf - broken image handling
[12.03.2004] DSA-463 samba - privilege escalation
[12.03.2004] DSA-462 xitalk - missing privilege release
[11.03.2004] DSA-461 calife - buffer overflow
[10.03.2004] DSA-460 sysstat - insecure temporary file
[10.03.2004] DSA-459 kdelibs - cookie path traversal
[10.10.2004] DSA-458 python2.2 - buffer overflow
[08.03.2004] DSA-457 wu-ftpd - several vulnerabilities
[06.03.2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
[03.03.2004] DSA-455 libxml - buffer overflows
[02.03.2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
[02.03.2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
[29.02.2004] DSA-452 libapache-mod-python - denial of service
[27.02.2004] DSA-451 xboing - buffer overflows
[27.02.2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
[24.02.2004] DSA-449 metamail - buffer overflow, format string bugs
[22.02.2004] DSA-448 pwlib - several vulnerabilities
[22.02.2004] DSA-447 hsftp - format string
[21.02.2004] DSA-446 synaesthesia - insecure file creation
[21.02.2004] DSA-445 lbreakout2 - buffer overflow
[20.02.2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check
[19.02.2004] DSA-443 xfree86 - several vulnerabilities
[19.02.2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
[18.02.2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
[18.02.2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
[18.02.2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
[18.02.2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
[11.02.2004] DSA-437 cgiemail - open mail relay
[08.02.2004] DSA-436 mailman - several vulnerabilities
[06.02.2004] DSA-435 mpg123 - heap overflow
[05.02.2004] DSA-434 gaim - several vulnerabilities
[04.02.2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
[03.02.2004] DSA-432 crawl - buffer overflow
[01.02.2004] DSA-431 perl - information leak
[28.01.2004] DSA-430 trr19 - missing privilege release
[26.01.2004] DSA-429 gnupg - cryptographic weakness
[20.01.2004] DSA-428 slocate - buffer overflow
[19.01.2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
[18.01.2004] DSA-426 netpbm-free - insecure temporary files
[16.01.2004] DSA-425 tcpdump - multiple vulnerabilities
[16.01.2004] DSA-424 mc - buffer overflow
[15.01.2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
[13.01.2004] DSA-422 cvs - remote vulnerability
[12.01.2004] DSA-421 mod-auth-shadow - password expiration
[12.01.2004] DSA-420 jitterbug - improperly sanitised input
[09.01.2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
[07.01.2004] DSA-418 vbox3 - privilege leak
[07.01.2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check
[06.01.2004] DSA-416 fsp - buffer overflow, directory traversal
[06.01.2004] DSA-415 zebra - denial of service
[06.01.2004] DSA-414 jabber - denial of service
[06.01.2004] DSA-413 linux-kernel-2.4.18 - missing boundary check
[05.01.2004] DSA-412 nd - buffer overflows
[05.01.2004] DSA-411 mpg321 - format string vulnerability
[05.01.2004] DSA-410 libnids - buffer overflow
[05.01.2004] DSA-409 bind - denial of service
[05.01.2004] DSA-408 screen - integer overflow
[05.01.2004] DSA-407 ethereal - buffer overflows
[05.01.2004] DSA-406 lftp - buffer overflow

You can receive the latest Debian security advisories by subscribing to the debian-security-announce mailing list. You can also browse the list archive.