From 3473cbc5a0e36020d136f6e1a6e7db56218ac59c Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Tue, 22 May 2007 17:29:39 +0000 Subject: release aircrack-ng, mydns, clamav DTSAs git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5897 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- website/DTSA/DTSA-35-1.html | 86 +++++++++++++++++++++++++++++++++++++++ website/DTSA/DTSA-36-1.html | 84 ++++++++++++++++++++++++++++++++++++++ website/DTSA/DTSA-37-1.html | 99 +++++++++++++++++++++++++++++++++++++++++++++ website/list.html | 6 +++ 4 files changed, 275 insertions(+) create mode 100644 website/DTSA/DTSA-35-1.html create mode 100644 website/DTSA/DTSA-36-1.html create mode 100644 website/DTSA/DTSA-37-1.html (limited to 'website') diff --git a/website/DTSA/DTSA-35-1.html b/website/DTSA/DTSA-35-1.html new file mode 100644 index 0000000000..ee4baf7ebf --- /dev/null +++ b/website/DTSA/DTSA-35-1.html @@ -0,0 +1,86 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-35-1

+
+
Date Reported:
+
May 16th, 2007
+
Affected Package:
+
aircrack-ng
+
Vulnerability:
+
programming error
+
Problem-Scope:
+
remote
+
Debian-specific:
+
No
+
CVE:
+
+CVE-2007-2057 +
+
More information:
+
It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs  
+insufficient validation of 802.11 authentication packets, which allows the  
+execution of arbitrary code. 
+
+
For the testing distribution (etch) this is fixed in version 1:0.8-0.1lenny1
+
For the unstable distribution (sid) this is fixed in version 1:0.7-3
+
This upgrade is recommended if you use aircrack-ng.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get install aircrack-ng
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://security.debian.org/ testing/updates main contrib non-free
+
deb-src http://security.debian.org/ testing/updates main contrib non-free
+ +
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/DTSA/DTSA-36-1.html b/website/DTSA/DTSA-36-1.html new file mode 100644 index 0000000000..fb7f120fdb --- /dev/null +++ b/website/DTSA/DTSA-36-1.html @@ -0,0 +1,84 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-36-1

+
+
Date Reported:
+
May 22th, 2007
+
Affected Package:
+
mydns
+
Vulnerability:
+
multiple buffer overflows
+
Problem-Scope:
+
remote
+
Debian-specific:
+
No
+
CVE:
+
+CVE-2007-2362 +
+
More information:
+
Multiple buffer overflows in MyDNS allow remote attackers to cause a denial of  
+service (daemon crash) and possibly execute arbitrary code. 
+
+
For the testing distribution (etch) this is fixed in version 1:1.1.0-7.1lenny1
+
For the unstable distribution (sid) this is fixed in version 1:1.1.0-8
+
This upgrade is recommended if you use mydns.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get upgrade
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://security.debian.org/ testing/updates main contrib non-free
+
deb-src http://security.debian.org/ testing/updates main contrib non-free
+
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/DTSA/DTSA-37-1.html b/website/DTSA/DTSA-37-1.html new file mode 100644 index 0000000000..07e1832396 --- /dev/null +++ b/website/DTSA/DTSA-37-1.html @@ -0,0 +1,99 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-37-1

+
+
Date Reported:
+
May 22th, 2007
+
Affected Package:
+
clamav
+
Vulnerability:
+
several vulnerabilities
+
Problem-Scope:
+
remote
+
Debian-specific:
+
No
+
CVE:
+
+CVE-2007-1745 +CVE-2007-1997 +CVE-2007-2029 +
+
More information:
+
Several remote vulnerabilities have been discovered in the Clam anti-virus  
+toolkit. The Common Vulnerabilities and Exposures project identifies the 
+following problems: 

+CVE-2007-1745  
+It was discovered that a file descriptor leak in the CHM handler may lead to  
+denial of service. 

+CVE-2007-1997  
+It was discovered that a buffer overflow in the CAB handler may lead to the  
+execution of arbitrary code. 

+CVE-2007-2029  
+It was discovered that a file descriptor leak in the PDF handler may lead to  
+denial of service. 
+
+
For the testing distribution (etch) this is fixed in version 0.90.1-3lenny2
+
For the unstable distribution (sid) this is fixed in version 0.90.2-1
+
This upgrade is recommended if you use clamav.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get upgrade
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://security.debian.org/ testing/updates main contrib non-free
+
deb-src http://security.debian.org/ testing/updates main contrib non-free
+
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/list.html b/website/list.html index 1a3f48155e..cb22e278d4 100644 --- a/website/list.html +++ b/website/list.html @@ -101,6 +101,12 @@
multiple vulnerabilities
[March 3rd, 2007] DTSA-34-1 wordpress
cross-site scripting
+
[May 22th, 2007] DTSA-35-1 aircrack-ng
+
programming error
+
[May 22th, 2007] DTSA-36-1 mydns
+
multiple buffer overflows
+
[May 22th, 2007] DTSA-37-1 clamav
+
several vulnerabilities

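Review bot: In website/DTSA/DTSA-35-1.html the line "For the testing distribution (etch) this is fixed in version 1:0.8-0.1lenny1" names etch as the testing suite while the fixed version carries a lenny1 suffix. The same pairing appears in DTSA-36-1.html (1:1.1.0-7.1lenny1) and DTSA-37-1.html (0.90.1-3lenny2). Please confirm which codename is meant and make the text and the version string agree, since readers use the codename to decide whether the advisory applies to their system.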
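Review bot: The update command in website/DTSA/DTSA-36-1.html, and again in DTSA-37-1.html, is "apt-get update && apt-get upgrade", while DTSA-35-1.html in the same commit uses "apt-get update && apt-get install aircrack-ng". The upgrade form pulls in every pending upgrade rather than only the fixed package. If that is not intended, name the package (apt-get install mydns, apt-get install clamav) so the three advisories are consistent, or say in the text why a full upgrade is wanted.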
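Review bot: The three entries added to website/list.html are dated "May 22th, 2007"; the ordinal should be "22nd", and the same spelling is in the Date Reported field of DTSA-36-1.html and DTSA-37-1.html. The DTSA-35-1 entry also disagrees with its own advisory page, which gives Date Reported as "May 16th, 2007". Use one date in both places, or make clear that the list shows the release date rather than the report date.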