
[TAF] wml://security/2011/dsa-228{2,3,4,5,6}.wml



Hi,

A few security advisories need translating; thanks in advance to the
volunteer for replying with an [ITT] to the group, or even an individual
ITT per advisory, as you prefer (for example using the subject
"[ITT] wml://security/2011/dsa-2282.wml" for the first one).

A script in the website repository can translate the usual
parts: french/security/dsa-translator.pl.

Regards,

David

<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>

<p>Several vulnerabilities were discovered in phpMyAdmin, a tool to
administrate MySQL over the web. The Common Vulnerabilities and
Exposures project identifies the following problems:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2505">CVE-2011-2505</a>

  <p>Possible session manipulation in Swekey authentication.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2506">CVE-2011-2506</a>

  <p>Possible code injection in setup script, in case session
  variables are compromised.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2507">CVE-2011-2507</a>

  <p>Regular expression quoting issue in Synchronize code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2508">CVE-2011-2508</a>

  <p>Possible directory traversal in MIME-type transformation.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2642">CVE-2011-2642</a>

  <p>Cross site scripting in table Print view when the attacker can
  create crafted table names.</p></li>

<li>No CVE name yet

  <p>Possible superglobal and local variables manipulation in
  Swekey authentication. (PMASA-2011-12)</p></li>

</ul>

<p>The oldstable distribution (lenny) is only affected by 
<a href="http://security-tracker.debian.org/tracker/CVE-2011-2642">\
CVE-2011-2642</a>, which has been fixed in version 2.11.8.1-5+lenny9.</p>

<p>For the stable distribution (squeeze), these problems have been fixed
in version 3.3.7-6.</p>

<p>For the testing distribution (wheezy) and unstable distribution (sid),
these problems have been fixed in version 3.4.3.2-1.</p>

<p>We recommend that you upgrade your phpmyadmin packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2286.data"
# $Id: dsa-2286.wml,v 1.1 2011-07-27 07:34:04 kaare Exp $
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following
problems:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2703">CVE-2011-2703</a>

  <p>Several instances of insufficient escaping of user input, leading to
  SQL injection attacks via OGC filter encoding (in WMS, WFS, and SOS
  filters).</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2704">CVE-2011-2704</a>

  <p>Missing length checks in the processing of OGC filter encoding that can
  lead to stack-based buffer overflows and the execution of arbitrary code.</p></li>

</ul>

<p>For the oldstable distribution (lenny), these problems have been fixed in
version 5.0.3-3+lenny7.</p>

<p>For the stable distribution (squeeze), these problems have been fixed in
version 5.6.5-2+squeeze2.</p>

<p>For the testing (squeeze) and unstable (sid) distributions, these problems
will be fixed soon.</p>

<p>We recommend that you upgrade your mapserver packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2285.data"
# $Id: dsa-2285.wml,v 1.2 2011-07-26 08:35:21 kaare Exp $
<define-tag description>implementation error</define-tag>
<define-tag moreinfo>
<p>Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco 
Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web 
single sign-on system, is vulnerable to XML signature wrapping attacks. 
More details can be found in the 
<a href="http://shibboleth.internet2.edu/security-advisories.html">Shibboleth 
advisory</a>.</p>

<p>For the oldstable distribution (lenny), this problem has been fixed in
version 2.0-2+lenny3.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 2.3-2+squeeze1.</p>

<p>For the unstable distribution (sid), this problem will be fixed soon.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2284.data"
# $Id: dsa-2284.wml,v 1.1 2011-07-25 19:32:46 kaare Exp $
<define-tag description>programming error</define-tag>
<define-tag moreinfo>
<p>Tim Zingelmann discovered that due to an incorrect configure script the 
kerberised FTP server failed to set the effective GID correctly, 
resulting in privilege escalation.</p>

<p>The oldstable distribution (lenny) is not affected.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 1.0.1-1.1.</p>

<p>For the unstable distribution (sid), this problem will be fixed soon.</p>

<p>We recommend that you upgrade your krb5-appl packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2283.data"
# $Id: dsa-2283.wml,v 1.1 2011-07-25 12:31:21 kaare Exp $
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Two vulnerabilities have been discovered in KVM, a solution for full
virtualization on x86 hardware:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2212">CVE-2011-2212</a>

   <p>Nelson Elhage discovered a buffer overflow in the virtio subsystem,
   which could lead to denial of service or privilege escalation.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2527">CVE-2011-2527</a>

   <p>Andrew Griffiths discovered that group privileges were
   insufficiently dropped when started with -runas option, resulting
   in privilege escalation.</p></li>

</ul>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 0.12.5+dfsg-5+squeeze6.</p>

<p>For the unstable distribution (sid), this problem has been fixed in
version 0.14.1+dfsg-3.</p>

<p>We recommend that you upgrade your qemu-kvm packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2282.data"
# $Id: dsa-2282.wml,v 1.1 2011-07-25 12:31:00 kaare Exp $
