
Posted by Benjamin D. Thomas
Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta,
a simpler interface to APT, dpkg, and other Debian package tools,
creates temporary files insecurely, which may lead to local denial
of service through symlink attacks.

Posted by Benjamin D. Thomas
In DSA-1619-1, an update was announced for DNS response spoofing
vulnerabilities in python-dns. The fix introduced a regression in the
library breaking the resolution of UTF-8 encoded record names. An
updated release is available which corrects this problem. For
reference, the original advisory text follows.

Posted by Benjamin D. Thomas
A regression was discovered in the original patch addressing this issue
for WordNet, which this update fixes. For reference, the text of the
original advisory follows.

Posted by Benjamin D. Thomas
Will Drewry discovered that Horde allows remote attackers to send
an email with a crafted MIME attachment filename attribute to perform
cross-site scripting.

Posted by Benjamin D. Thomas
Several remote vulnerabilities have been discovered in phpMyAdmin, a
tool to administrate MySQL databases over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

Posted by Benjamin D. Thomas
Simon Willison discovered that in Django, a Python web framework, the
feature to retain HTTP POST data during user reauthentication allowed
a remote attacker to perform unauthorized modification of data through
cross-site request forgery. This is possible regardless of whether the
Django plugin to prevent cross-site request forgery is enabled. The Common
Vulnerabilities and Exposures project identifies this issue as

Posted by Benjamin D. Thomas
It was discovered that twiki, a web-based collaboration platform,
didn't properly sanitize the image parameter in its configuration script.
This could allow remote users to execute arbitrary commands upon the
system, or read any files which were readable by the webserver user.