|
|
Dernières alertes de sécurité
DSA-2094 linux-2.6 - privilege escalation/denial of service/information leak
> date : 2010-09-05 00:45:29
> lien :
http://www.debian.org/security/2010/dsa-2094
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:
DSA-2093 ghostscript - several vulnerabilities
> date : 2010-09-05 00:45:29
> lien :
http://www.debian.org/security/2010/dsa-2093
Two security issues have been discovered in Ghostscript, the GPL
PostScript/PDF interpreter. The Common Vulnerabilities and Exposures
project identifies the following problems:
DSA-2102 barnowl - unchecked return value
> date : 2010-09-03 21:44:50
> lien :
http://www.debian.org/security/2010/dsa-2102
It has been discovered that in barnowl, a curses-based instant-messaging
client, the return codes of calls to the ZPending and ZReceiveNotice
functions in libzephyr were not checked, allowing attackers to cause a
denial of service (crash of the application), and possibly execute
arbitrary code.
DSA-2096 zope-ldapuserfolder - missing input validation
> date : 2010-09-03 00:44:43
> lien :
http://www.debian.org/security/2010/dsa-2096
Jeremy James discovered that in zope-ldapuserfolder, a Zope extension
used to authenticate against an LDAP server, the authentication code
does not verify the password provided for the emergency user. Malicious
users that manage to get the emergency user login can use this flaw to
gain administrative access to the Zope instance, by providing an
arbitrary password.
|
page 1 |
page suivante |
|
|
Sécurité
Classement
