Archive for August, 2008

Debian security update DSA-1597-2

Package : mt-daapd
Vulnerability : multiple vulnerabilities
Problem type : remote
Debian-specific : no
CVE Id(s) : CVE-2007-5824 CVE-2007-5825 CVE-2008-1771
Debian Bug : 459961 476241 496217
In DSA-1597-1, an update was announced for multiple vulnerabilities in
the mt-daapd audio server.  One of the fixes introduced a regression
preventing successful authentication to the administration interface.
An updated release is available which corrects this problem. [...]


Debian Live CD

Daniel Baumann announced to the Debian user list today that the first ever Debian Lenny live CD is now available as a beta release. The Live CD development team wasn’t able to get everything ready in time for the release of Etch, so this marks the first ever official Debian live CD release.
Daniel’s email
Debian [...]

SSH key-based attacks

The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for Linux-based infrastructures. The attack uses compromised SSH keys to gain access to a system, then uses local kernel exploits to gain root access. Once root is obtained, a rootkit by the name of phalanx2 is installed.
From CERT
Phalanx2 appears to be a derivative [...]

Debian security update DSA-1632

Date Reported: 26 Aug 2008
Affected Packages: tiff
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2008-2327.
More information:
Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in [...]


Debian security update DSA-1631-1

Date Reported: 22 Aug 2008
Affected Packages: libxml2
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2008-3281.
More information:
Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities until available CPU and memory resources were exhausted.
For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-3.
For the unstable distribution (sid), this problem will be [...]
