Tietoturvasta / Vuoden 2009 tietoturvatiedotteet

Vuoden 2009 tietoturvatiedotteet

[31.12.2009] DSA-1964 postgresql-7.4, postgresql-8.1, postgresql-8.3 - several vulnerabilities
[23.12.2009] DSA-1963 unbound - cryptographic implementation error
[23.12.2009] DSA-1962 kvm - several vulnerabilities
[23.12.2009] DSA-1961 bind9 - DNS cache poisoning
[19.12.2009] DSA-1960 acpid - programming error
[19.12.2009] DSA-1959 ganeti - missing input sanitation
[29.12.2009] DSA-1958 libtool - privilege escalation
[28.12.2009] DSA-1957 aria2 - buffer overflow
[16.12.2009] DSA-1956 xulrunner - several vulnerabilities
[16.12.2009] DSA-1955 network-manager/network-manager-applet - information disclosure
[16.12.2009] DSA-1954 cacti - insufficient input sanitising
[15.12.2009] DSA-1953 expat - denial of service
[15.12.2009] DSA-1952 asterisk - several vulnerabilities, end-of-life announcement in oldstable
[15.12.2009] DSA-1951 firefox-sage - insufficient input sanitising
[12.12.2009] DSA-1950 webkit - several vulnerabilities
[12.12.2009] DSA-1949 php-net-ping - programming error
[ 8.12.2009] DSA-1948 ntp - denial of service
[ 7.12.2009] DSA-1947 shibboleth-sp, shibboleth-sp2, opensaml2 - missing input sanitising
[ 4.12.2009] DSA-1946 belpic - cryptographic weakness
[ 3.12.2009] DSA-1945 gforge - symlink attack
[ 3.12.2009] DSA-1944 request-tracker3.4 request-tracker3.6 - session hijack
[ 2.12.2009] DSA-1943 openldap openldap2.3 - insufficient input validation
[29.11.2009] DSA-1942 wireshark - several vulnerabilities
[25.11.2009] DSA-1941 poppler - several vulnerabilities
[25.11.2009] DSA-1940 php5 - multiple issues
[24.11.2009] DSA-1939 libvorbis - several vulnerabilities
[23.11.2009] DSA-1938 php-mail - programming error
[21.11.2009] DSA-1937 gforge - insufficient input sanitising
[17.11.2009] DSA-1936 libgd2 - several vulnerabilities
[17.11.2009] DSA-1935 gnutls13 gnutls26 - several vulnerabilities
[16.11.2009] DSA-1934 apache2 - multiple issues
[10.11.2009] DSA-1933 cups - missing input sanitising
[ 8.11.2009] DSA-1932 pidgin - programming error
[ 8.11.2009] DSA-1931 nspr - several vulnerabilities
[ 7.11.2009] DSA-1930 drupal6 - several vulnerabilities
[ 5.11.2009] DSA-1929 linux-2.6 - privilege escalation/denial of service/sensitive memory leak
[ 5.11.2009] DSA-1928 linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak
[ 5.11.2009] DSA-1927 linux-2.6 - privilege escalation/denial of service/sensitive memory leak
[ 4.11.2009] DSA-1926 typo3-src - several vulnerabilities
[31.10.2009] DSA-1925 proftpd-dfsg - insufficient input validation
[31.10.2009] DSA-1924 mahara - several vulnerabilities
[27.10.2009] DSA-1923 libhtml-parser-perl - denial of service
[28.10.2009] DSA-1922 xulrunner - several vulnerabilities
[28.10.2009] DSA-1921 expat - denial of service
[26.10.2009] DSA-1920 nginx - denial of service
[25.10.2009] DSA-1919 smarty - several vulnerabilities
[25.10.2009] DSA-1918 phpmyadmin - several vulnerabilities
[24.10.2009] DSA-1917 mimetex - several vulnerabilities
[23.10.2009] DSA-1916 kdelibs - insufficient input validation
[22.10.2009] DSA-1915 linux-2.6 - privilege escalation/denial of service/sensitive memory leak
[22.10.2009] DSA-1914 mapserver - several vulnerabilities
[17.10.2009] DSA-1913 bugzilla - SQL injection vulnerability
[16.10.2009] DSA-1912 camlimages - integer overflow
[14.10.2009] DSA-1911 pygresql - missing escape function
[14.10.2009] DSA-1910 mysql-ocaml - missing escape function
[14.10.2009] DSA-1909 postgresql-ocaml - missing escape function
[14.10.2009] DSA-1908 samba - several vulnerabilities
[13.10.2009] DSA-1907 kvm - several vulnerabilities
[11.10.2009] DSA-1906 clamav - End-of-life announcement for clamav in stable and oldstable
[10.10.2009] DSA-1905 python-django - insufficient input validation
[ 9.10.2009] DSA-1904 wget - insufficient input validation
[ 7.10.2009] DSA-1903 graphicsmagick - several vulnerabilities
[ 5.10.2009] DSA-1902 elinks - buffer overflow
[ 5.10.2009] DSA-1901 mediawiki1.7 - several vulnerabilities
[ 2.10.2009] DSA-1900 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 - several vulnerabilities
[ 2.10.2009] DSA-1899 strongswan - several vulnerabilities
[ 2.10.2009] DSA-1898 openswan - denial of service
[28. 9.2009] DSA-1897 horde3 - insufficient input sanitization
[28. 9.2009] DSA-1896 opensaml, shibboleth-sp - several vulnerabilities
[24. 9.2009] DSA-1895 xmltooling - several vulnerabilities
[24. 9.2009] DSA-1894 newt - buffer overflow
[23. 9.2009] DSA-1893 cyrus-imapd-2.2 kolab-cyrus-imapd - buffer overflow
[23. 9.2009] DSA-1892 dovecot - buffer overflow
[22. 9.2009] DSA-1891 changetrack - shell command execution
[19. 9.2009] DSA-1890 wxwindows2.4 wxwidgets2.6 wxwidgets2.8 - integer overflow
[16. 9.2009] DSA-1889 icu - programming error
[15. 9.2009] DSA-1888 openssl, openssl097 - cryptographic weakness
[15. 9.2009] DSA-1887 rails - missing input sanitising
[14. 9.2009] DSA-1886 iceweasel - several vulnerabilities
[14. 9.2009] DSA-1885 xulrunner - several vulnerabilities
[14. 9.2009] DSA-1884 nginx - buffer underflow
[10. 9.2009] DSA-1883 nagios2 - missing input sanitising
[ 9. 9.2009] DSA-1882 xapian-omega - missing input sanitization
[ 7. 9.2009] DSA-1881 cyrus-imapd-2.2 - buffer overflow
[ 4. 9.2009] DSA-1880 openoffice.org - several vulnerabilities
[ 4. 9.2009] DSA-1879 silc-client/silc-toolkit - several vulnerabilities
[ 2. 9.2009] DSA-1878 devscripts - missing input sanitation
[ 2. 9.2009] DSA-1877 mysql-dfsg-5.0 - denial of service/execution of arbitrary code
[ 1. 9.2009] DSA-1876 dnsmasq - buffer overflow
[31. 8.2009] DSA-1875 ikiwiki - missing input sanitising
[26. 8.2009] DSA-1874 nss - several vulnerabilities
[26. 8.2009] DSA-1873 xulrunner - programming error
[24. 8.2009] DSA-1872 linux-2.6 - denial of service/privilege escalation/information leak
[23. 8.2009] DSA-1871 wordpress - several vulnerabilities
[19. 8.2009] DSA-1870 pidgin - insufficient input validation
[19. 8.2009] DSA-1869 curl - insufficient input validation
[19. 8.2009] DSA-1868 kde4libs - several vulnerabilities
[19. 8.2009] DSA-1867 kdelibs - several vulnerabilities
[19. 8.2009] DSA-1866 kdegraphics - several vulnerabilities
[16. 8.2009] DSA-1865 linux-2.6 - denial of service/privilege escalation
[16. 8.2009] DSA-1864 linux-2.6.24 - privilege escalation
[15. 8.2009] DSA-1863 zope2.10/zope2.9 - several vulnerabilities
[14. 8.2009] DSA-1862 linux-2.6 - privilege escalation
[13. 8.2009] DSA-1861 libxml - several vulnerabilities
[12. 8.2009] DSA-1860 ruby1.8, ruby1.9 - several vulnerabilities
[10. 8.2009] DSA-1859 libxml2 - several vulnerabilities
[10. 8.2009] DSA-1858 imagemagick - multiple vulnerabilities
[10. 8.2009] DSA-1857 camlimages - integer overflow
[ 8. 8.2009] DSA-1856 mantis - information leak
[ 8. 8.2009] DSA-1855 subversion - heap overflow
[ 8. 8.2009] DSA-1854 apr, apr-util - heap buffer overflow
[ 7. 8.2009] DSA-1853 memcached - heap-based buffer overflow
[ 7. 8.2009] DSA-1852 fetchmail - insufficient input validation
[ 6. 8.2009] DSA-1851 gst-plugins-bad0.10 - integer overflow
[ 4. 8.2009] DSA-1850 libmodplug - several vulnerabilities
[ 2. 8.2009] DSA-1849 xml-security-c - design flaw
[ 2. 8.2009] DSA-1848 znc - directory traversal
[29. 7.2009] DSA-1847 bind9 - improper assert
[28. 7.2009] DSA-1846 kvm - denial of service
[28. 7.2009] DSA-1845 linux-2.6 - denial of service, privilege escalation
[28. 7.2009] DSA-1844 linux-2.6.24 - denial of service/privilege escalation
[28. 7.2009] DSA-1843 squid3 - several vulnerabilities
[28. 7.2009] DSA-1842 openexr - several vulnerabilities
[25. 7.2009] DSA-1841 git-core - denial of service
[23. 7.2009] DSA-1840 xulrunner - several vulnerabilities
[19. 7.2009] DSA-1839 gst-plugins-good0.10 - integer overflow
[18. 7.2009] DSA-1838 pulseaudio - privilege escalation
[18. 7.2009] DSA-1837 dbus - programming error
[16. 7.2009] DSA-1836 fckeditor - missing input sanitising
[15. 7.2009] DSA-1835 tiff - several vulnerabilities
[15. 7.2009] DSA-1834 apache2 - denial of service
[14. 7.2009] DSA-1833 dhcp3 - several vulnerabilities
[13. 7.2009] DSA-1832 camlimages - integer overflow
[13. 7.2009] DSA-1831 djbdns - programming error
[12. 7.2009] DSA-1830 icedove - several vulnerabilities
[11. 7.2009] DSA-1829 sork-passwd-h3 - insufficient input sanitising
[ 7. 7.2009] DSA-1828 ocsinventory-agent - insecure module search path
[ 6. 7.2009] DSA-1827 ipplan - insufficient input sanitising
[ 4. 7.2009] DSA-1826 eggdrop - several vulnerabilities
[ 3. 7.2009] DSA-1825 nagios2, nagios3 - insufficient input validation
[25. 6.2009] DSA-1824 phpmyadmin - several vulnerabilities
[25. 6.2009] DSA-1823 samba - several vulnerabilities
[23. 6.2009] DSA-1822 mahara - insufficient input sanitization
[22. 6.2009] DSA-1821 amule - insufficient input sanitising
[18. 6.2009] DSA-1820 xulrunner - several vulnerabilities
[18. 6.2009] DSA-1819 vlc - several vulnerabilities
[18. 6.2009] DSA-1818 gforge - insufficient input sanitising
[17. 6.2009] DSA-1817 ctorrent - stack-based buffer overflow
[16. 6.2009] DSA-1816 apache2 - insufficient security check
[14. 6.2009] DSA-1815 libtorrent-rasterbar - programming error
[13. 6.2009] DSA-1814 libsndfile - heap-based buffer overflow
[ 8. 6.2009] DSA-1813 evolution-data-server - Several vulnerabilities
[ 4. 6.2009] DSA-1812 apr-util - denial of service
[ 2. 6.2009] DSA-1811 cups, cupsys - null ptr dereference
[ 2. 6.2009] DSA-1810 libapache-mod-jk - information disclosure
[ 1. 6.2009] DSA-1809 linux-2.6 - denial of service, privilege escalation
[ 1. 6.2009] DSA-1808 drupal6 - insufficient input sanitising
[ 1. 6.2009] DSA-1807 cyrus-sasl2, cyrus-sasl2-heimdal - buffer overflow
[24. 5.2009] DSA-1806 cscope - buffer overflows
[22. 5.2009] DSA-1805 pidgin - several vulnerabilities
[20. 5.2009] DSA-1804 ipsec-tools - null pointer dereference, memory leaks
[20. 5.2009] DSA-1803 nsd, nsd3 - buffer overflow
[21. 5.2009] DSA-1802 squirrelmail - several vulnerabilities
[19. 5.2009] DSA-1801 ntp - buffer overflows
[15. 5.2009] DSA-1800 linux-2.6 - denial of service/privilege escalation/sensitive memory leak
[11. 5.2009] DSA-1799 qemu - several vulnerabilities
[10. 5.2009] DSA-1798 pango1.0 - integer overflow
[ 9. 5.2009] DSA-1797 xulrunner - several vulnerabilities
[ 7. 5.2009] DSA-1796 libwmf - pointer use-after-free
[ 7. 5.2009] DSA-1795 ldns - buffer overflow
[ 6. 5.2009] DSA-1794 linux-2.6 - denial of service/privilege escalation/information leak
[ 6. 5.2009] DSA-1793 kdegraphics - multiple vulnerabilities
[ 6. 5.2009] DSA-1792 drupal6 - multiple vulnerabilities
[ 6. 5.2009] DSA-1791 moin - insufficient input sanitising
[ 5. 5.2009] DSA-1790 xpdf - multiple vulnerabilities
[ 4. 5.2009] DSA-1789 php5 - several vulnerabilities
[ 4. 5.2009] DSA-1788 quagga - improper assertion
[ 2. 5.2009] DSA-1787 linux-2.6.24 - denial of service/privilege escalation/information leak
[ 2. 5.2009] DSA-1786 acpid - denial of service
[ 1. 5.2009] DSA-1785 wireshark - several vulnerabilities
[30. 4.2009] DSA-1784 freetype - integer overflows
[29. 4.2009] DSA-1783 mysql-dfsg-5.0 - multiple vulnerabilities
[29. 4.2009] DSA-1782 mplayer - several vulnerabilities
[29. 4.2009] DSA-1781 ffmpeg-debian - several vulnerabilities
[28. 4.2009] DSA-1780 libdbd-pg-perl - several vulnerabilities
[26. 4.2009] DSA-1779 apt - several vulnerabilities
[22. 4.2009] DSA-1778 mahara - insufficient input sanitization
[21. 4.2009] DSA-1777 git-core - file permission error
[21. 4.2009] DSA-1776 slurm-llnl - programming error
[20. 4.2009] DSA-1775 php-json-ext - denial of service
[17. 4.2009] DSA-1774 ejabberd - insufficient input sanitising
[17. 4.2009] DSA-1773 cups - integer overflow
[16. 4.2009] DSA-1772 udev - several vulnerabilities
[15. 4.2009] DSA-1771 clamav - several vulnerabilities
[13. 4.2009] DSA-1770 imp4 - Insufficient input sanitising
[11. 4.2009] DSA-1769 openjdk-6 - several vulnerabilities
[10. 4.2009] DSA-1768 openafs - several vulnerabilities
[ 9. 4.2009] DSA-1767 multipath-tools - insecure file permissions
[ 9. 4.2009] DSA-1766 krb5 - several vulnerabilities
[ 8. 4.2009] DSA-1765 horde3 - Multiple vulnerabilities
[ 7. 4.2009] DSA-1764 tunapie - several vulnerabilities
[ 6. 4.2009] DSA-1763 openssl - programming error
[ 2. 4.2009] DSA-1762 icu - insufficient input sanitising
[ 3. 4.2009] DSA-1761 moodle - missing input sanitization
[30. 3.2009] DSA-1760 openswan - denial of service
[30. 3.2009] DSA-1759 strongswan - denial of service
[30. 3.2009] DSA-1758 nss-ldapd - insecure config file creation
[30. 3.2009] DSA-1757 auth2db - SQL injection
[29. 3.2009] DSA-1756 xulrunner - multiple vulnerabilities
[25. 3.2009] DSA-1755 systemtap - race condition
[ 9. 4.2009] DSA-1754 roundup - insufficient access checks
[24. 3.2009] DSA-1753 iceweasel - end-of-life announcement for Iceweasel in oldstable
[23. 3.2009] DSA-1752 webcit - format string vulnerability
[22. 3.2009] DSA-1751 xulrunner - several vulnerabilities
[22. 3.2009] DSA-1750 libpng - several vulnerabilities
[20. 3.2009] DSA-1749 linux-2.6 - denial of service/privilege escalation/sensitive memory leak
[20. 3.2009] DSA-1748 libsoup - integer overflow
[20. 3.2009] DSA-1747 glib2.0 - integer overflow
[20. 3.2009] DSA-1746 ghostscript - several vulnerabilities
[20. 3.2009] DSA-1745 lcms - several vulnerabilities
[18. 3.2009] DSA-1744 weechat - missing input sanitization
[17. 3.2009] DSA-1743 libtk-img - buffer overflows
[16. 3.2009] DSA-1742 libsndfile - integer overflow
[14. 3.2009] DSA-1741 psi - integer overflow
[14. 3.2009] DSA-1740 yaws - denial of service
[13. 3.2009] DSA-1739 mldonkey - path traversal
[11. 3.2009] DSA-1738 curl - arbitrary file access
[11. 3.2009] DSA-1737 wesnoth - several vulnerabilities
[10. 3.2009] DSA-1736 mahara - insufficient input sanitising
[10. 3.2009] DSA-1735 znc - missing input sanitization
[ 5. 3.2009] DSA-1734 opensc - programming error
[ 3. 3.2009] DSA-1733 vim - several vulnerabilities
[ 3. 3.2009] DSA-1732 squid3 - denial of service
[ 2. 3.2009] DSA-1731 ndiswrapper - buffer overflow
[ 2. 3.2009] DSA-1730 proftpd-dfsg - SQL injection vulnerabilites
[ 2. 3.2009] DSA-1729 gst-plugins-bad0.10 - several vulnerabilities
[27. 2.2009] DSA-1728 dkim-milter - improper assertion
[26. 2.2009] DSA-1727 proftpd-dfsg - SQL injection vulnerabilites
[25. 2.2009] DSA-1726 python-crypto - buffer overflow
[15. 2.2009] DSA-1725 websvn - programming error
[13. 2.2009] DSA-1724 moodle - several vulnerabilities
[11. 2.2009] DSA-1723 phpmyadmin - insufficient input sanitising
[11. 2.2009] DSA-1722 libpam-heimdal - programming error
[11. 2.2009] DSA-1721 libpam-krb5 - several vulnerabilities
[10. 2.2009] DSA-1720 typo3-src - several vulnerabilities
[10. 2.2009] DSA-1719 gnutls13 - design flaw
[ 8. 2.2009] DSA-1718 boinc - incorrect API usage
[ 5. 2.2009] DSA-1717 devil - buffer overflow
[31. 1.2009] DSA-1716 vnc4 - integer overflow
[29. 1.2009] DSA-1715 moin - insufficient input sanitising
[28. 1.2009] DSA-1714 rt2570 - integer overflow
[28. 1.2009] DSA-1713 rt2500 - integer overflow
[28. 1.2009] DSA-1712 rt2400 - integer overflow
[26. 1.2009] DSA-1711 typo3-src - several vulnerabilities
[25. 1.2009] DSA-1710 ganglia-monitor-core - buffer overflow
[21. 1.2009] DSA-1709 shadow - race condition
[19. 1.2009] DSA-1708 git-core - shell command injection
[15. 1.2009] DSA-1707 iceweasel - several vulnerabilities
[15. 1.2009] DSA-1706 amarok - integer overflows
[15. 1.2009] DSA-1705 netatalk - missing input sanitising
[14. 1.2009] DSA-1704 xulrunner - several vulnerabilities
[12. 1.2009] DSA-1703 bind9 - interpretation conflict
[12. 1.2009] DSA-1702 ntp - interpretation conflict
[12. 1.2009] DSA-1701 openssl, openssl097 - interpretation conflict
[11. 1.2009] DSA-1700 lasso - incorrect API usage
[11. 1.2009] DSA-1699 zaptel - array index error
[ 9. 1.2009] DSA-1698 gforge - insufficient input sanitising
[ 7. 1.2009] DSA-1697 iceape - several vulnerabilities
[ 7. 1.2009] DSA-1696 icedove - several vulnerabilities
[ 2. 1.2009] DSA-1695 ruby1.8, ruby1.9 - memory leak
[ 2. 1.2009] DSA-1694 xterm - design flaw

Saat tuoreimmat Debianin tietoturvatiedotteet liittymällä debian-security-announce-postilistalle. Voit myös selata listan arkistoja.

---

Takaisin Debian-projektin kotisivulle.

---

---