Security Advisories from 2012

[30.12.2012] DSA-2596 mediawiki-extensions - cross-site scripting
[30.12.2012] DSA-2595 ghostscript - integer overflow
[30.12.2012] DSA-2594 virtualbox-ose - programming error
[29.12.2012] DSA-2593 moin - several vulnerabilities
[28.12.2012] DSA-2592 elinks - programming error
[27.12.2012] DSA-2591 mahara - several vulnerabilities
[26.12.2012] DSA-2590 wireshark - several vulnerabilities
[16.12.2012] DSA-2589 tiff - buffer overflow
[16.12.2012] DSA-2588 icedove - security update
[11.12.2012] DSA-2587 libcgi-pm-perl - HTTP header injection
[11.12.2012] DSA-2586 perl - several vulnerabilities
[11.12.2012] DSA-2585 bogofilter - buffer overflow
[08.12.2012] DSA-2584 iceape - several vulnerabilities
[08.12.2012] DSA-2583 iceweasel - several vulnerabilities
[07.12.2012] DSA-2582 xen - several vulnerabilities
[04.12.2012] DSA-2581 mysql-5.1 - several vulnerabilities
[02.12.2012] DSA-2580 libxml2 - buffer overflow
[30.11.2012] DSA-2579 apache2 - multiple issues
[28.11.2012] DSA-2578 rssh - insufficient filtering of rsync command line
[01.12.2012] DSA-2577 libssh - several vulnerabilities
[23.11.2012] DSA-2576 trousers - denial of service
[18.11.2012] DSA-2575 tiff - heap-based buffer overflow
[15.11.2012] DSA-2574 typo3-src - several vulnerabilities
[10.11.2012] DSA-2573 radsecproxy - SSL certificate verification weakness
[04.11.2012] DSA-2572 iceape - several vulnerabilities
[04.11.2012] DSA-2571 libproxy - buffer overflow
[31.10.2012] DSA-2570 openoffice.org - several vulnerabilities
[29.10.2012] DSA-2569 icedove - several vulnerabilities
[26.10.2012] DSA-2568 rtfm - privilege escalation
[26.10.2012] DSA-2567 request-tracker3.8 - several vulnerabilities
[25.10.2012] DSA-2566 exim4 - heap-based buffer overflow
[23.10.2012] DSA-2565 iceweasel - several vulnerabilities
[23.10.2012] DSA-2564 tinyproxy - denial of service
[23.10.2012] DSA-2563 viewvc - several vulnerabilities
[23.10.2012] DSA-2562 cups-pk-helper - privilege escalation
[21.10.2012] DSA-2561 tiff - buffer overflow
[20.10.2012] DSA-2560 bind9 - denial of service
[11.10.2012] DSA-2559 libexif - several vulnerabilities
[08.10.2012] DSA-2558 bacula - information disclosure
[08.10.2012] DSA-2557 hostapd - buffer overflow
[07.10.2012] DSA-2556 icedove - several vulnerabilities
[05.10.2012] DSA-2555 libxslt - several vulnerabilities
[26.09.2012] DSA-2554 iceape - several vulnerabilities
[24.09.2012] DSA-2553 iceweasel - several vulnerabilities
[26.09.2012] DSA-2552 tiff - several vulnerabilities
[23.09.2012] DSA-2551 isc-dhcp - denial of service
[26.09.2012] DSA-2550 asterisk - several vulnerabilities
[15.09.2012] DSA-2549 devscripts - multiple vulnerabilities
[13.09.2012] DSA-2548 tor - several vulnerabilities
[12.09.2012] DSA-2547 bind9 - incorrect object
[11.09.2012] DSA-2546 freeradius - stack-based buffer overflows
[08.09.2012] DSA-2545 qemu - multiple vulnerabilities
[08.09.2012] DSA-2544 xen - denial of service
[08.09.2012] DSA-2543 xen-qemu-dm-4.0 - multiple vulnerabilities
[08.09.2012] DSA-2542 qemu-kvm - multiple vulnerabilities
[07.09.2012] DSA-2541 beaker - information disclosure
[07.09.2012] DSA-2540 mahara - cross-site scripting
[06.09.2012] DSA-2539 zabbix - SQL injection
[05.09.2012] DSA-2538 moin - privilege escalation
[30.08.2012] DSA-2537 typo3-src - several vulnerabilities
[30.08.2012] DSA-2536 otrs2 - cross-site scripting
[29.08.2012] DSA-2535 rtfm - cross-site scripting
[25.08.2012] DSA-2534 postgresql-8.4 - several vulnerabilities
[23.08.2012] DSA-2533 pcp - several vulnerabilities
[22.08.2012] DSA-2532 libapache2-mod-rpaf - denial of service
[18.08.2012] DSA-2531 xen - Denial of Service
[15.08.2012] DSA-2530 rssh - shell command injection
[14.08.2012] DSA-2529 python-django - several vulnerabilities
[14.08.2012] DSA-2528 icedove - several vulnerabilities
[13.08.2012] DSA-2527 php5 - several vulnerabilities
[12.08.2012] DSA-2526 libotr - heap-based buffer overflows
[06.08.2012] DSA-2525 expat - several vulnerabilities
[06.08.2012] DSA-2524 openttd - several vulnerabilities
[06.08.2012] DSA-2523 globus-gridftp-server - programming error
[05.08.2012] DSA-2522 fckeditor - cross site scripting
[04.08.2012] DSA-2521 libxml2 - integer overflow
[01.08.2012] DSA-2520 openoffice.org - Multiple heap-based buffer overflows
[04.08.2012] DSA-2519 isc-dhcp - several vulnerabilities
[31.07.2012] DSA-2518 krb5 - denial of service and remote code execution
[30.07.2012] DSA-2517 bind9 - denial of service
[26.07.2012] DSA-2516 isc-dhcp - several vulnerabilities
[19.07.2012] DSA-2515 nsd3 - null pointer dereference
[17.07.2012] DSA-2514 iceweasel - several vulnerabilities
[17.07.2012] DSA-2513 iceape - several vulnerabilities
[12.07.2012] DSA-2512 mono - missing input sanitization
[12.07.2012] DSA-2511 puppet - several vulnerabilities
[12.07.2012] DSA-2510 extplorer - Cross-site request forgery
[08.07.2012] DSA-2509 pidgin - remote code execution
[22.07.2012] DSA-2508 kfreebsd-8 - privilege escalation
[04.07.2012] DSA-2507 openjdk-6 - several vulnerabilities
[02.07.2012] DSA-2506 libapache-mod-security - ModSecurity bypass
[29.06.2012] DSA-2505 zendframework - information disclosure
[28.06.2012] DSA-2504 libspring-2.5-java - information disclosure
[28.06.2012] DSA-2503 bcfg2 - shell command injection
[24.06.2012] DSA-2502 python-crypto - programming error
[24.06.2012] DSA-2501 xen - several vulnerabilities
[24.06.2012] DSA-2500 mantis - several vulnerabilities
[24.06.2012] DSA-2499 icedove - several vulnerabilities
[23.06.2012] DSA-2498 dhcpcd - remote stack overflow
[20.06.2012] DSA-2497 quagga - denial of service
[18.06.2012] DSA-2496 mysql-5.1 - several vulnerabilities
[16.06.2012] DSA-2495 openconnect - buffer overflow
[14.06.2012] DSA-2494 ffmpeg - several vulnerabilities
[12.06.2012] DSA-2493 asterisk - denial of service
[10.06.2012] DSA-2492 php5 - buffer overflow
[09.06.2012] DSA-2491 postgresql-8.4 - several vulnerabilities
[07.06.2012] DSA-2490 nss - denial of service
[07.06.2012] DSA-2489 iceape - several vulnerabilities
[07.06.2012] DSA-2488 iceweasel - several vulnerabilities
[07.06.2012] DSA-2487 openoffice.org - buffer overflow
[05.06.2012] DSA-2486 bind9 - denial of service
[03.06.2012] DSA-2485 imp4 - cross site scripting
[02.06.2012] DSA-2484 nut - denial of service
[31.05.2012] DSA-2483 strongswan - authentication bypass
[02.06.2012] DSA-2482 libgdata - insufficient certificate validation
[02.06.2012] DSA-2481 arpwatch - fails to drop supplementary groups
[15.09.2012] DSA-2480 request-tracker3.8 - several vulnerabilities
[23.05.2012] DSA-2479 libxml2 - logic error in loop condition check
[23.05.2012] DSA-2478 sudo - parsing error
[20.05.2012] DSA-2477 sympa - authorization bypass
[19.05.2012] DSA-2476 pidgin-otr - format string vulnerability
[17.05.2012] DSA-2475 openssl - integer underflow
[16.05.2012] DSA-2474 ikiwiki - cross-site scripting
[16.05.2012] DSA-2473 openoffice.org - buffer overflow
[15.05.2012] DSA-2472 gridengine - privilege escalation
[13.05.2012] DSA-2471 ffmpeg - several vulnerabilities
[11.05.2012] DSA-2470 wordpress - several vulnerabilities
[10.05.2012] DSA-2469 linux-2.6 - privilege escalation/denial of service
[09.05.2012] DSA-2468 libjakarta-poi-java - unbounded memory allocation
[09.05.2012] DSA-2467 mahara - insecure defaults
[09.05.2012] DSA-2466 rails - cross site scripting
[09.05.2012] DSA-2465 php5 - several vulnerabilities
[08.05.2012] DSA-2464 icedove - several vulnerabilities
[02.05.2012] DSA-2463 samba - missing permission check
[03.05.2012] DSA-2462 imagemagick - several vulnerabilities
[26.04.2012] DSA-2461 spip - several vulnerabilities
[25.04.2012] DSA-2460 asterisk - several vulnerabilities
[04.05.2012] DSA-2459 quagga - several vulnerabilities
[13.05.2012] DSA-2458 iceape - several vulnerabilities
[13.05.2012] DSA-2457 iceweasel - several vulnerabilities
[23.04.2012] DSA-2456 dropbear - use after free
[20.04.2012] DSA-2455 typo3-src - missing input sanitization
[24.04.2012] DSA-2454 openssl - multiple vulnerabilities
[16.04.2012] DSA-2453 gajim - several vulnerabilities
[15.04.2012] DSA-2452 apache2 - insecure default configuration
[13.04.2012] DSA-2451 puppet - several vulnerabilities
[12.04.2012] DSA-2450 samba - privilege escalation
[12.04.2012] DSA-2449 sqlalchemy - missing input sanitization
[10.04.2012] DSA-2448 inspircd - buffer overflow
[04.04.2012] DSA-2447 tiff - integer overflow
[04.04.2012] DSA-2446 libpng - incorrect memory handling
[31.03.2012] DSA-2445 typo3-src - several vulnerabilities
[29.03.2012] DSA-2444 tryton-server - privilege escalation
[26.03.2012] DSA-2443 linux-2.6 - privilege escalation/denial of service
[31.03.2012] DSA-2442 openarena - UDP traffic amplification
[25.03.2012] DSA-2441 gnutls26 - missing bounds check
[24.03.2012] DSA-2440 libtasn1-3 - missing bounds check
[22.03.2012] DSA-2439 libpng - buffer overflow
[22.03.2012] DSA-2438 raptor - programming error
[21.03.2012] DSA-2437 icedove - several vulnerabilities
[19.03.2012] DSA-2436 libapache2-mod-fcgid - inactive resource limits
[19.03.2012] DSA-2435 gnash - several vulnerabilities
[19.03.2012] DSA-2434 nginx - sensitive information leak
[15.03.2012] DSA-2433 iceweasel - several vulnerabilities
[12.03.2012] DSA-2432 libyaml-libyaml-perl - format string vulnerabilities
[11.03.2012] DSA-2431 libdbd-pg-perl - format string vulnerabilities
[10.03.2012] DSA-2430 python-pam - double free
[07.03.2012] DSA-2429 mysql-5.1 - several vulnerabilities
[07.03.2012] DSA-2428 freetype - several vulnerabilities
[06.03.2012] DSA-2427 imagemagick - several vulnerabilities
[06.03.2012] DSA-2426 gimp - several vulnerabilities
[04.03.2012] DSA-2425 plib - buffer overflow
[04.03.2012] DSA-2424 libxml-atom-perl - XML external entity expansion
[02.03.2012] DSA-2423 movabletype-opensource - several vulnerabilities
[09.05.2012] DSA-2422 file - missing bounds checks
[29.02.2012] DSA-2421 moodle - several vulnerabilities
[28.02.2012] DSA-2420 openjdk-6 - several vulnerabilities
[27.02.2012] DSA-2419 puppet - several vulnerabilities
[27.02.2012] DSA-2418 postgresql-8.4 - several vulnerabilities
[22.02.2012] DSA-2417 libxml2 - computational denial of service
[22.02.2012] DSA-2416 notmuch - information disclosure
[21.02.2012] DSA-2415 libmodplug - several vulnerabilities
[25.02.2012] DSA-2414 fex - insufficient input sanitization
[20.02.2012] DSA-2413 libarchive - buffer overflows
[19.02.2012] DSA-2412 libvorbis - buffer overflow
[19.02.2012] DSA-2411 mumble - information disclosure
[15.02.2012] DSA-2410 libpng - integer overflow
[15.02.2012] DSA-2409 devscripts - several vulnerabilities
[13.02.2012] DSA-2408 php5 - several vulnerabilities
[09.02.2012] DSA-2407 cvs - integer overflow
[09.02.2012] DSA-2406 icedove - several vulnerabilities
[06.02.2012] DSA-2405 apache2 - multiple issues
[05.02.2012] DSA-2404 xen-qemu-dm-4.0 - buffer overflow
[06.02.2012] DSA-2403 php5 - code injection
[02.02.2012] DSA-2402 iceape - several vulnerabilities
[02.02.2012] DSA-2401 tomcat6 - several vulnerabilities
[02.02.2012] DSA-2400 iceweasel - several vulnerabilities
[31.01.2012] DSA-2399 php5 - several vulnerabilities
[31.03.2012] DSA-2398 curl - several vulnerabilities
[29.01.2012] DSA-2397 icu - buffer overflow
[27.01.2012] DSA-2396 qemu-kvm - buffer underflow
[27.01.2012] DSA-2395 wireshark - buffer underflow
[27.01.2012] DSA-2394 libxml2 - several vulnerabilities
[25.01.2012] DSA-2393 bip - buffer overflow
[23.01.2012] DSA-2392 openssl - out-of-bounds read
[22.01.2012] DSA-2391 phpmyadmin - several vulnerabilities
[15.01.2012] DSA-2390 openssl - several vulnerabilities
[15.01.2012] DSA-2389 linux-2.6 - privilege escalation/denial of service/information leak
[14.01.2012] DSA-2388 t1lib - several vulnerabilities
[11.01.2012] DSA-2387 simplesamlphp - insufficient input sanitation
[10.01.2012] DSA-2386 openttd - several vulnerabilities
[10.01.2012] DSA-2385 pdns - packet loop
[04.02.2012] DSA-2384 cacti - several vulnerabilities
[08.01.2012] DSA-2383 super - buffer overflow
[07.01.2012] DSA-2382 ecryptfs-utils - multiple vulnerabilities
[06.01.2012] DSA-2381 squid3 - invalid memory deallocation
[04.01.2012] DSA-2380 foomatic-filters - shell command injection
[04.01.2012] DSA-2379 krb5 - several vulnerabilities
[03.01.2012] DSA-2378 ffmpeg - several vulnerabilities
[01.01.2012] DSA-2377 cyrus-imapd-2.2 - NULL pointer dereference

You can receive the latest Debian security announcements by subscribing to the debian-security-announce mailing list. An archive of the mailing list is available here.