Security Advisories from 2003

[30 Dec 2003] DSA-405 xsok - missing privilege release
[04 Dec 2003] DSA-404 rsync - heap overflow
[01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
[17 Nov 2003] DSA-402 minimalist - unsanitised input
[17 Nov 2003] DSA-401 hylafax - format strings
[11 Nov 2003] DSA-400 omega-rpg - buffer overflow
[10 Nov 2003] DSA-399 epic4 - buffer overflow
[10 Nov 2003] DSA-398 conquest - buffer overflow
[07 Nov 2003] DSA-397 postgresql - buffer overflow
[29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
[15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
[11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
[01 Oct 2003] DSA-393 openssl - denial of service
[29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
[28 Sep 2003] DSA-391 freesweep - buffer overflow
[26 Sep 2003] DSA-390 marbles - buffer overflow
[20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
[19 Sep 2003] DSA-388 kdebase - several vulnerabilities
[18 Sep 2003] DSA-387 gopher - buffer overflows
[18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
[18 Sep 2003] DSA-385 hztty - buffer overflows
[17 Sep 2003] DSA-384 sendmail - buffer overflows
[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
[13 Sep 2003] DSA-381 mysql - buffer overflow
[12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
[11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
[07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
[04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
[04 Sep 2003] DSA-376 exim - buffer overflow
[29 Aug 2003] DSA-375 node - buffer overflow, format string
[26 Aug 2003] DSA-374 libpam-smb - buffer overflow
[16 Aug 2003] DSA-373 autorespond - buffer overflow
[16 Aug 2003] DSA-372 netris - buffer overflow
[11 Aug 2003] DSA-371 perl - cross-site scripting
[08 Aug 2003] DSA-370 pam-pgsql - format string
[08 Aug 2003] DSA-369 zblast - buffer overflow
[08 Aug 2003] DSA-368 xpcd - buffer overflow
[08 Aug 2003] DSA-367 xtokkaetama - buffer overflow
[05 Aug 2003] DSA-366 eroaster - insecure temporary file
[05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
[04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
[03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
[02 Aug 2003] DSA-362 mindi - insecure temporary file
[01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities
[01 Aug 2003] DSA-360 xfstt - several vulnerabilities
[31 Jul 2003] DSA-359 atari800 - buffer overflows
[31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
[30 Jul 2003] DSA-355 gallery - cross-site scripting
[29 Jul 2003] DSA-354 xconq - buffer overflows
[29 Jul 2003] DSA-353 sup - insecure temporary file
[22 Jul 2003] DSA-352 fdclone - insecure temporary directory
[16 Jul 2003] DSA-351 php4 - cross-site scripting
[15 Jul 2003] DSA-350 falconseye - buffer overflow
[14 Jul 2003] DSA-349 nfs-utils - buffer overflow
[11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
[08 Jul 2003] DSA-347 teapop - SQL injection
[08 Jul 2003] DSA-346 phpsysinfo - directory traversal
[08 Jul 2003] DSA-345 xbl - buffer overflow
[08 Jul 2003] DSA-344 unzip - directory traversal
[08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
[07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
[07 Jul 2003] DSA-341 liece - insecure temporary file
[06 Jul 2003] DSA-340 x-face-el - insecure temporary file
[06 Jul 2003] DSA-339 semi - insecure temporary file
[29 Jun 2003] DSA-338 proftpd - SQL injection
[29 Jun 2003] DSA-337 gtksee - buffer overflow
[29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
[28 Jun 2003] DSA-335 mantis - incorrect permissions
[28 Jun 2003] DSA-334 xgalaga - buffer overflows
[27 Jun 2003] DSA-333 acm - integer overflow
[27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
[27 Jun 2003] DSA-331 imagemagick - insecure temporary file
[23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
[20 Jun 2003] DSA-329 osh - buffer overflows
[19 Jun 2003] DSA-328 webfs - buffer overflow
[19 Jun 2003] DSA-327 xbl - buffer overflows
[19 Jun 2003] DSA-326 orville-write - buffer overflows
[19 Jun 2003] DSA-325 eldav - insecure temporary file
[18 Jun 2003] DSA-324 ethereal - several vulnerabilities
[16 Jun 2003] DSA-323 noweb - insecure temporary files
[16 Jun 2003] DSA-322 typespeed - buffer overflow
[13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
[13 Jun 2003] DSA-320 mikmod - buffer overflow
[12 Jun 2003] DSA-319 webmin - session ID spoofing
[12 Jun 2003] DSA-318 lyskom-server - denial of service
[11 Jun 2003] DSA-317 cupsys - denial of service
[11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
[11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
[11 Jun 2003] DSA-314 atftp - buffer overflow
[11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
[09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
[08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
[08 Jun 2003] DSA-310 xaos - improper setuid-root execution
[06 Jun 2003] DSA-309 eterm - buffer overflow
[06 Jun 2003] DSA-308 gzip - insecure temporary files
[27 May 2003] DSA-307 gps - multiple vulnerabilities
[19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
[15 May 2003] DSA-305 sendmail - insecure temporary files
[15 May 2003] DSA-304 lv - privilege escalation
[15 May 2003] DSA-303 mysql - privilege escalation
[07 May 2003] DSA-302 fuzz - privilege escalation
[07 May 2003] DSA-301 libgtop - buffer overflow
[06 May 2003] DSA-300 balsa - buffer overflow
[06 May 2003] DSA-299 leksbot - improper setuid-root execution
[02 May 2003] DSA-298 epic4 - buffer overflows
[01 May 2003] DSA-297 snort - integer overflow, buffer overflow
[30 Apr 2003] DSA-296 kdebase - insecure execution
[30 Apr 2003] DSA-295 pptpd - buffer overflow
[23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
[23 Apr 2003] DSA-293 kdelibs - insecure execution
[22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
[22 Apr 2003] DSA-291 ircii - buffer overflows
[17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
[17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
[17 Apr 2003] DSA-288 openssl - several vulnerabilities
[15 Apr 2003] DSA-287 epic - buffer overflows
[14 Apr 2003] DSA-286 gs-common - insecure temporary file
[14 Apr 2003] DSA-285 lprng - insecure temporary file
[12 Apr 2003] DSA-284 kdegraphics - insecure execution
[11 Apr 2003] DSA-283 xfsdump - insecure file creation
[09 Apr 2003] DSA-282 glibc - integer overflow
[08 Apr 2003] DSA-281 moxftp - buffer overflow
[07 Apr 2003] DSA-280 samba - buffer overflow
[07 Apr 2003] DSA-279 metrics - insecure temporary file creation
[04 Apr 2003] DSA-278 sendmail - char-to-int conversion
[03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
[03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
[02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
[28 Mar 2003] DSA-274 mutt - buffer overflow
[28 Mar 2003] DSA-273 krb4 - Cryptographic weakness
[28 Mar 2003] DSA-272 dietlibc - integer overflow
[27 Mar 2003] DSA-271 ecartis - unauthorized password change
[27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
[26 Mar 2003] DSA-269 heimdal - Cryptographic weakness
[25 Mar 2003] DSA-268 mutt - buffer overflow
[24 Mar 2003] DSA-267 lpr - buffer overflow
[24 Mar 2003] DSA-266 krb5 - several vulnerabilities
[21 Mar 2003] DSA-265 bonsai - several vulnerabilities
[19 Mar 2003] DSA-264 lxr - missing filename sanitizing
[17 Mar 2003] DSA-263 netpbm-free - math overflow errors
[15 Mar 2003] DSA-262 samba - remote exploit
[14 Mar 2003] DSA-261 tcpdump - infinite loop
[13 Mar 2003] DSA-260 file - buffer overflow
[12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
[10 Mar 2003] DSA-258 ethereal - format string vulnerability
[04 Mar 2003] DSA-257 sendmail - remote exploit
[28 Feb 2003] DSA-256 mhc - insecure temporary file
[27 Feb 2003] DSA-255 tcpdump - infinite loop
[27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
[24 Feb 2003] DSA-253 openssl - information leak
[21 Feb 2003] DSA-252 slocate - buffer overflow
[14 Feb 2003] DSA-251 w3m - missing HTML quoting
[12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
[11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
[31 Jan 2003] DSA-248 hypermail - buffer overflows
[30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
[29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting
[28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
[27 Jan 2003] DSA-244 noffle - buffer overflows
[24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
[24 Jan 2003] DSA-242 kdebase - several vulnerabilities
[24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
[23 Jan 2003] DSA-240 kdegames - several vulnerabilities
[23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
[23 Jan 2003] DSA-238 kdepim - several vulnerabilities
[22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
[22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
[22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
[22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
[21 Jan 2003] DSA-233 cvs - doubly freed memory
[20 Jan 2003] DSA-232 cupsys - several vulnerabilities
[17 Jan 2003] DSA-231 dhcp3 - stack overflows
[16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
[15 Jan 2003] DSA-229 imp - SQL injection
[14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
[13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
[10 Jan 2003] DSA-226 xpdf-i - integer overflow
[09 Jan 2003] DSA-225 tomcat4 - source disclosure
[08 Jan 2003] DSA-224 canna - buffer overflow and more
[07 Jan 2003] DSA-223 geneweb - information exposure
[06 Jan 2003] DSA-222 xpdf - integer overflow
[03 Jan 2003] DSA-221 mhonarc - cross site scripting
[02 Jan 2003] DSA-220 squirrelmail - cross site scripting

You can get the latest Debian security advisories by subscribing to the debian-security-announce mailing list. You can also browse the archives of the list.