Debian Security Advisory 1801-1 - Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation.
a57a12424f37cb2ec816cd15519fb2d5be45c3576aa0d03f4f69d2831dfa63a0
Debian Security Advisory 1828-1 - It was discovered that the ocsinventory-agent, which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure Perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default Perl module path, the agent scans every directory on the system for its Perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent Perl module placed on the system.
01ea95ee4e4ff0ba15deed33170e9f12d9edf5d90549f107b4a205e0cd2a1e84
Debian Security Advisory 1827-1 - It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks.
00635cca24bc92600de8f93c3721c5247f197717d7229303c32358b985872512
Debian Security Advisory 1826-1 - Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot.
a8b2c212aff1ffb3827b0c945e8b7f60cc18b1a588ac272831cca100696988e7
Debian Security Advisory 1825-1 - It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated, which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
0b0c8bcd8fd8d0b6301b324a8896ae8ce2c6068e6e1a207cae7ec3151af6db50
Debian Security Advisory 1824-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
c0543d372c815f7c798ee667d335e91cd6644265af5e237a867f283f8dcbb999
Debian Security Advisory 1823-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server.
b1dd505f4ed9dfea23e529ccd125a387967f454cd3fb8e82cf20c7cf12975af8
Debian Security Advisory 1822-1 - It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potentially sensitive data from other users.
70c1ca906437e7d6c7e45bd64c5bf1389a3aa517f8ae08d92e53b44931f8e0f5
Debian Security Advisory 1821-1 - Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename when using the preview function. This could lead to the injection of arbitrary commands passed to the video player.
19ecb775ea2427799e1863353b3f9dc86b452cc722a2ca8f2f764f7c4f24aae1
Debian Security Advisory 1820-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
7b5d3b0a439f9bf630e0430301b87524237426c51c21e9ac498ad7d2f0f32c39
Debian Security Advisory 1819-1 - Several vulnerabilities have been discovered in vlc, a multimedia player and streamer.
7827ca0570fa45743fb8336eab394c44bf38311c688135f7bd9b204c89d50949
Debian Security Advisory 1818-1 - Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks.
ef3ab886c53dfa59ff5ebaf2e13c7fc33993ce4e386d80d7b4077eb59b1d7f05
Debian Security Advisory 1817-1 - Michael Brooks discovered that ctorrent, a text-mode bittorrent client, does not verify the length of file paths in torrent files. An attacker can exploit this via a crafted torrent that contains a long file path to execute arbitrary code with the rights of the user opening the file.
04a3025ed0f99514632bf98b2b6b03c9b67be83812ffe576041b45ae447a9ea3
Debian Security Advisory 1816-1 - It was discovered that the Apache web server did not properly handle the "Options=" parameter to the AllowOverride directive.
f481cb1d57b719487008c76e6c82018b67522e8df574fcfe60b4624260c4a8b3
Debian Security Advisory 1815-1 - It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.
ad63608a9520d0d064fda0d70c6160937238a9bb33814e1fb611af3e163f35cd
Debian Security Advisory 1814-1 - Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data.
1251a085719d046c220358316daf5f8f362b05eb479e9c0d4ad744ff518c15b4
Debian Security Advisory 1813-1 - Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite.
1002c5fc4a272b70abb7fe9aeb4ac9bae8ab7298336ed8a53b447e1a61708174
Debian Security Advisory 1812-1 - Apr-util, the Apache Portable Runtime Utility library, is used by Apache 2.x, Subversion, and other applications. Two denial of service vulnerabilities have been found in apr-util.
eb8c93e812784e1119a6b541920db3a85bbaec679c272db21dd323b2a1f0665a
Debian Security Advisory 1810-1 - Anibal Sacco discovered that cups, a general printing system for UNIX systems, suffers from a null pointer dereference because of its handling of two consecutive IPP packets with certain tag attributes that are treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers to perform denial of service attacks by crashing the cups daemon.
1bd16047f6f2688935a4db4002019a5bca9dee9d10b9673b7d868bce30d1c98d
Debian Security Advisory 1809-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
79f152838b2185e00ecf0e1f8740e157acf2c11de21d97e03e413d77ae6237cd
Debian Security Advisory 1808-1 - Markus Petrux discovered a cross-site scripting vulnerability in the taxonomy module of drupal6, a fully-featured content management framework. It is also possible that certain browsers using the UTF-7 encoding are vulnerable to a different cross-site scripting vulnerability.
5755dfe6d523cc338bc55c72c1ca5ca245f4daddc9ff1a385a1067ef0b9868d8
Debian Security Advisory 1807-1 - James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated, which can lead to denial of service or arbitrary code execution.
afb4f27e7294bb89587a5da4a5b1dee6b80a732514182675444d918eba3d9825
Debian Security Advisory 1806-1 - Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.
590b7b56f51b92b716841c881d2dc6ed98216cc086adc0ad81629be53ea6274b
Debian Security Advisory 1805-1 - Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client.
cbce861a8fc059dce0e2e207159753b832372c40084d4da5642331a83f7f5a29
Debian Security Advisory 1802-2 - Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function.
427516df8ef9ab4b92105500b37d7a760f482163d4eb284532448ec29c628c7f
Debian Security Advisory 1804-1 - Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures project identified the
b05210a0a0059e39b906612cffac26f4bf213a579ea7b6061e4b07d926b8d381