It was discovered that CamlImages, an open source image processing
library, suffers from several integer overflows, which may lead to a
potentially exploitable heap overflow and result in arbitrary code
execution. This advisory addresses

It was discovered that mysql-ocaml, OCaml bindings for MySQL, was
missing a function to call mysql_real_escape_string(). This is needed,
because mysql_real_escape_string() honours the charset of the connection
and prevents insufficient

Several vulnerabilities have been discovered in samba, an implementation of
the SMB/CIFS protocol for Unix systems, providing support for cross-platform
file and printer sharing with other operating systems and more. The Common
Vulnerabilities and Exposures project identifies the following problems:

It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's
libpq, was missing a function to call PQescapeStringConn(). This is
needed, because PQescapeStringConn() honours the charset of the
connection and prevents

It was discovered that pygresql, a PostgreSQL module for Python, was
missing a function to call PQescapeStringConn(). This is needed, because
PQescapeStringConn() honours the charset of the connection and prevents
insufficient escaping

Several vulnerabilities have been discovered in kvm, a full virtualization system.
The Common Vulnerabilities and Exposures project identifies the
following problems:

Security support for clamav, an anti-virus utility for Unix, has been
discontinued for the stable distribution (lenny) and the oldstable
distribution (etch). ClamAV upstream has stopped supporting the
releases in etch and lenny. Also, it

The forms library of python-django, a high-level Python web development
framework, uses a badly chosen regular expression when validating
email addresses and URLs. An attacker can use this to perform denial
of service attacks (100%

Daniel Stenberg discovered that wget, a network utility to retrieve files from
the Web using HTTP(S) and FTP, is vulnerable to the "Null Prefix Attacks Against
SSL/TLS Certificates" published at the Black Hat conference some time ago.

Several vulnerabilities have been discovered in graphicsmagick, a
collection of image processing tools, which can lead to the execution
of arbitrary code, exposure of sensitive information or denial of service.
The Common Vulnerabilities and Exposures project identifies the
following problems: