Package: xen-tools
Version: 3.9-4
Severity: grave
Tags: security
Justification: user security hole
I'm tagging this security, though common best practices would suggest that access to the Dom0 should be severely restricted to begin with.
When xen-create-image is used to create a file based
Source: glib2.0
Severity: important
Tags: security
The standard hashing functions provided with the GHashTable implementation
in glib are vulnerable to the algorithmic complexity attacks described in
oCert-2011-003
http://www.ocert.org/advisories/ocert-2011-003.html
This was reported upstream
Package: libapr1
Version: 1.4.5-1.1
Severity: important
Tags: security
APR's hash implementation is vulnerable to the same types of algorithmic
complexity attacks disclosed in oCert-2011-003.
Discussion of the problem on the apr-dev mailing list is available here:
Package: monkey
Version: 0.9.3-1
Severity: grave
Tags: security
Justification: user security hole
Monkey webserver fails to drop supplemental groups when lowering privileges.
This allows any local user on the system to read any file that root's supplemental groups can access. Monkey does perform
Package: monkey
Version: 0.9.3-1
Severity: grave
Tags: security
Justification: user security hole
The Monkey webserver retains RUID/RGID root so that it can regain root as
needed to perform privileged operations. Unfortunately, monkey does not drop
RUID/RGID root before executing CGI scripts.
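The two Monkey reports above describe the same class of defect, an incomplete privilege drop. As an added illustration (not Monkey's own code), the following Linux/glibc routine drops privileges in the order that matters (supplementary groups, then gid, then uid, all while still root) and then verifies that root cannot be regained; the 64-entry group buffer and the caller's choice of target ids are assumptions.

```c
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>

/* setgroups(2) is hidden under strict -std modes on glibc; restate its prototype. */
int setgroups(size_t size, const gid_t *list);

/* Pure check: real and effective uid must both equal a non-root target. */
int ids_dropped(uid_t real, uid_t effective, uid_t target)
{
    return target != 0 && real == target && effective == target;
}

/* Pure check: no supplementary group of root (gid 0) may remain. */
int groups_clean(const gid_t *groups, int count)
{
    for (int i = 0; i < count; i++)
        if (groups[i] == 0)
            return 0;
    return 1;
}

/* Permanent, verified privilege drop. Order matters: clear supplementary
 * groups and set the gid while still root, then set the uid (for a root
 * process setuid() resets real, effective and saved uid together).
 * Returns 0 on success, -1 with errno set otherwise. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t groups[64];                /* assumed buffer size for the self-check */
    int n;
    if (uid == 0 || gid == 0) {      /* a "drop" to root is not a drop */
        errno = EINVAL;
        return -1;
    }
    if (setgroups(0, NULL) == -1)    /* the step the first report says is missing */
        return -1;
    if (setgid(gid) == -1 || setuid(uid) == -1)
        return -1;

    /* Verify the drop is irreversible: regaining root must fail, and no
     * root id may survive in the uid pair or the group list. */
    n = getgroups((int)(sizeof groups / sizeof groups[0]), groups);
    if (setuid(0) == 0 || n == -1 || !groups_clean(groups, n) ||
        !ids_dropped(getuid(), geteuid(), uid)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}
```

A CGI-executing server would call this in the child after fork() and before execve(), so the script inherits neither root's real ids nor its groups.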
Source: phamm
Severity: important
Tags: upstream security
While looking through codesearch.debian.net I noticed that phamm's
views/helpers.php uses $_SERVER['PHP_SELF'] in a way that is vulnerable to
reflected XSS attacks.
To reproduce the problem, load a URL like this in Firefox: