Debian Security Advisory 1801-1 - Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation.
a57a12424f37cb2ec816cd15519fb2d5be45c3576aa0d03f4f69d2831dfa63a0
Debian Security Advisory 1875-1 - Josh Triplett discovered that the blacklist for potentially harmful TeX code of the teximg module of the Ikiwiki wiki compiler was incomplete, resulting in information disclosure.
1fe17fa53f249fc5c36e3c996cfb922e51554af0cfeb36714592cf26166e409d
Debian Security Advisory 1871-2 - The previous wordpress update introduced a regression when fixing CVE-2008-4769 due to a function that was not backported with the patch. Please note that this regression only affects the oldstable distribution (etch).
565a2e4f05dcf7aeeb6e8faf612d43fcbf48f13dfbd682a6ec3e14c0ad64284d
Debian Security Advisory 1874-1 - Several vulnerabilities have been discovered in the Network Security Service libraries.
c3c145e663c0e41608a4517f6698e23ceea9427cb81c0b2b53641a715105c451
Debian Security Advisory 1873-1 - Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page.
356bf7c18df73523e6398c09fcd86214240a2f6d1b8b04047695a2254b6e4857
Debian Security Advisory 1833-2 - The previous dhcp3 update (DSA-1833-1) did not properly apply the required changes to the stable (lenny) version. The old stable (etch) version is not affected by this problem.
d37dd1774bcb143ebca48d1d6561dd56f75caa2f740d1cadcd4ec7160c9f147f
Debian Security Advisory 1872-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory.
cf39db21b853f2de19fa7441b737a0a470a70d17a10d2adf60f45715f7040e1e
Debian Security Advisory 1871-1 - Several vulnerabilities have been discovered in wordpress, a weblog manager.
6af8225de9c2ad14b5d9a8665a5efa8f8b2bde9a73d41b32acb094faf63cf6c8
Debian Security Advisory 1869-1 - It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
c45c48146168e478adfa63db5c46235df689797cd68f3563a28b197ba2668b26
Debian Security Advisory 1870-1 - Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN.
11ac33561f3bbbffca98ffd632e07b2283b4a9f19e94b23a9c98eb2ca8256b2e
Debian Security Advisory 1865-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service or privilege escalation.
fcae27437b2b0fdbfe3736c4335096431f370e8341becfdced7a741ef6ea4579
Debian Security Advisory 1864-1 - A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation.
009ec0aca4015d32052a8fcf82a6d204c1a7ab6c9be5da98346d1d83ee133a6d
Debian Security Advisory 1863-1 - Several remote vulnerabilities have been discovered in zope, a feature-rich web application server written in Python, that could lead to arbitrary code execution in the worst case.
9b50510b177e062943b28811c9b6700a49751d2e9d25c506bfa91c5bd4ee2182
Debian Security Advisory 1862-1 - A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation.
ee03984f78e4ddfab0750a75c78f010f203c4cd1a6a8ac0e7fd4ae37e1d6ba45
Debian Security Advisory 1861-1 - Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library.
cf1ba6edbf0c2b6efad11fb80510f02152cfeacc8e88c5e4a39e29cbd5843bb2
Debian Security Advisory 1860-1 - Several vulnerabilities have been discovered in Ruby.
11affe671bc325d35bbacdaba1cc0dff84af2b4d7f43397ff4731fd74ebce484
Debian Security Advisory 1859-1 - Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library.
380526581c12196325d7b500336e29935e034d56c9ada89cd22c887042cc7aa1
Debian Security Advisory 1858-1 - Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or denial of service.
7692690e334ef4d74caa1a8323d6a6d5435156a3a14f3cee1943f7a38ad95b9d
Debian Security Advisory 1857-1 - Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF images, while DSA 1832-1 addressed the issue with PNG images.
1d44415f372b8ae91eb8fbc2d0bd0eba67fd682a311176cb09fa045e50ae05bd
Debian Security Advisory 1843-2 - It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data, an attacker is able to crash the squid daemon via crafted requests or responses.
77be01d4934f7ab668a307cb62a10084bf8da36066c54a1f10ac651e27cbf1c8
Debian Security Advisory 1856-1 - It was discovered that the Debian Mantis package, a web-based bug tracking system, installed the database credentials in a file with world-readable permissions onto the local filesystem. This allows local users to acquire the credentials used to control the Mantis database.
b23ccad9e3c6b96dddef66cb51e684f0cfb5b43b897036f47ada89317d61149e
Debian Security Advisory 1855-1 - Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
091c4e138fbb96dbc2b240742cf04167bc31fcdc55cede5205d2d8a15b5c237d
Debian Security Advisory 1854-1 - Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which is smaller than requested, resulting in a heap overflow and possibly arbitrary code execution.
e54e6a6aa34c4763920eaf4d1c189495881575c78b71087121c170ba95aa79a3
Debian Security Advisory 1853-1 - Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached (on etch with root privileges).
f71cf554ce3885432ea696405897c37491e96e62aac0cdc2acb222f696e060be
Debian Security Advisory 1852-1 - It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the subjectAltName or Common Name fields.
b2c279e9428381b4b79febdf015211782d03ec298a3ff8b389cda567f086028b
Debian Security Advisory 1851-1 - It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name.
4895448f52ffe68e98196ec3721ff78244663b3346b4ace337499d3dd23b3c87