Hi, A few security announcements need translating; thanks in advance to the volunteer for replying with an [ITT] on the list, or even one ITT per announcement, whichever you prefer (for example using the subject "[ITT] wml://security/2011/dsa-2282.wml" for the first one). A script in the website repository translates the usual boilerplate parts: french/security/dsa-translator.pl. Best regards, David
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities were discovered in phpMyAdmin, a tool to
administrate MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2505">CVE-2011-2505</a>

<p>Possible session manipulation in Swekey authentication.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2506">CVE-2011-2506</a>

<p>Possible code injection in the setup script, in case session variables
are compromised.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2507">CVE-2011-2507</a>

<p>Regular expression quoting issue in the Synchronize code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2508">CVE-2011-2508</a>

<p>Possible directory traversal in MIME-type transformation.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2642">CVE-2011-2642</a>

<p>Cross site scripting in the table Print view when the attacker can
create crafted table names.</p></li>

<li>No CVE name yet

<p>Possible superglobal and local variable manipulation in Swekey
authentication. (PMASA-2011-12)</p></li>

</ul>

<p>The oldstable distribution (lenny) is only affected by
<a href="http://security-tracker.debian.org/tracker/CVE-2011-2642">\
CVE-2011-2642</a>, which has been fixed in version 2.11.8.1-5+lenny9.</p>

<p>For the stable distribution (squeeze), these problems have been fixed in
version 3.3.7-6.</p>

<p>For the testing distribution (wheezy) and the unstable distribution (sid),
these problems have been fixed in version 3.4.3.2-1.</p>

<p>We recommend that you upgrade your phpmyadmin packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2286.data"
# $Id: dsa-2286.wml,v 1.1 2011-07-27 07:34:04 kaare Exp $
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following
problems:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2703">CVE-2011-2703</a>

<p>Several instances of insufficient escaping of user input, leading to SQL
injection attacks via OGC filter encoding (in WMS, WFS, and SOS filters).</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2704">CVE-2011-2704</a>

<p>Missing length checks in the processing of OGC filter encoding that can
lead to stack-based buffer overflows and the execution of arbitrary code.</p></li>

</ul>

<p>For the oldstable distribution (lenny), these problems have been fixed in
version 5.0.3-3+lenny7.</p>

<p>For the stable distribution (squeeze), these problems have been fixed in
version 5.6.5-2+squeeze2.</p>

<p>For the testing distribution (wheezy) and the unstable distribution (sid),
these problems will be fixed soon.</p>

<p>We recommend that you upgrade your mapserver packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2285.data"
# $Id: dsa-2285.wml,v 1.2 2011-07-26 08:35:21 kaare Exp $
<define-tag description>implementation error</define-tag>
<define-tag moreinfo>
<p>Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco
Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web
single sign-on system, is vulnerable to XML signature wrapping attacks: the
signature over a SAML assertion is verified, but the signed element is not
the one the application goes on to trust. More details can be found in the
<a href="http://shibboleth.internet2.edu/security-advisories.html">Shibboleth advisory</a>.</p>

<p>For the oldstable distribution (lenny), this problem has been fixed in
version 2.0-2+lenny3.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 2.3-2+squeeze1.</p>

<p>For the unstable distribution (sid), this problem will be fixed soon.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2284.data"
# $Id: dsa-2284.wml,v 1.1 2011-07-25 19:32:46 kaare Exp $
<define-tag description>programming error</define-tag>
<define-tag moreinfo>
<p>Tim Zingelmann discovered that, due to an incorrect configure script, the
kerberised FTP server failed to set the effective GID correctly, resulting in
privilege escalation.</p>

<p>The oldstable distribution (lenny) is not affected.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 1.0.1-1.1.</p>

<p>For the unstable distribution (sid), this problem will be fixed soon.</p>

<p>We recommend that you upgrade your krb5-appl packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2283.data"
# $Id: dsa-2283.wml,v 1.1 2011-07-25 12:31:21 kaare Exp $
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Two vulnerabilities have been discovered in KVM, a solution for full
virtualization on x86 hardware:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2212">CVE-2011-2212</a>

<p>Nelson Elhage discovered a buffer overflow in the virtio subsystem, which
could lead to denial of service or privilege escalation.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2527">CVE-2011-2527</a>

<p>Andrew Griffiths discovered that group privileges were insufficiently
dropped when started with the -runas option, resulting in privilege
escalation.</p></li>

</ul>

<p>For the stable distribution (squeeze), these problems have been fixed in
version 0.12.5+dfsg-5+squeeze6.</p>

<p>For the unstable distribution (sid), these problems have been fixed in
version 0.14.1+dfsg-3.</p>

<p>We recommend that you upgrade your qemu-kvm packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2282.data"
# $Id: dsa-2282.wml,v 1.1 2011-07-25 12:31:00 kaare Exp $
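DSA-2283 (effective GID never set) and DSA-2282 (group privileges not fully dropped under -runas) are the same class of bug: a daemon that changes its uid but leaves a gid or a supplementary group at 0. The following is an added example in C, not code from qemu-kvm, krb5-appl or the Debian advisories, showing the privilege-drop order that avoids both mistakes and a check that verifies the result instead of trusting return codes. `struct creds`, `creds_fully_dropped`, `creds_snapshot`, `drop_privileges` and the `MAX_GROUPS` bound are hypothetical names chosen for this example; it assumes Linux/BSD semantics where `setuid()` called by root replaces the real, effective and saved uid, and uses 65534 as the assumed "nobody" uid/gid in the demo `main`.

```c
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 64   /* hypothetical bound for the snapshot below */

/* Snapshot of the credentials that decide what a process may do.
 * Hypothetical helper type for this example, not from qemu-kvm or krb5-appl. */
struct creds {
    uid_t ruid, euid;
    gid_t rgid, egid;
    int   ngroups;
    gid_t groups[MAX_GROUPS];
};

/* Returns 1 only when every credential has been moved to uid/gid: real and
 * effective uid, real and effective gid, and the supplementary group list.
 * An egid still 0, or a leftover gid 0 in the group list, is exactly the
 * "group privileges insufficiently dropped" state the advisories describe. */
int creds_fully_dropped(const struct creds *c, uid_t uid, gid_t gid)
{
    if (c->ruid != uid || c->euid != uid)
        return 0;
    if (c->rgid != gid || c->egid != gid)
        return 0;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] != gid)
            return 0;
    return 1;
}

/* Fill the snapshot from the live process. Returns -1 if getgroups() fails,
 * which includes the process carrying more than MAX_GROUPS groups. */
int creds_snapshot(struct creds *c)
{
    c->ruid = getuid();
    c->euid = geteuid();
    c->rgid = getgid();
    c->egid = getegid();
    int n = getgroups(MAX_GROUPS, c->groups);
    if (n < 0)
        return -1;
    c->ngroups = n;
    return 0;
}

/* Drop from root to uid/gid. The order matters: supplementary groups and the
 * gid must go first, because once the uid is no longer 0 the process has lost
 * the right to change them; then the uid; then verify the outcome.
 * Returns 0 on a verified drop and -1 otherwise; a caller must treat -1 as
 * fatal and exit rather than continue with partial privileges. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t only[1] = { gid };
    struct creds c;

    if (setgroups(1, only) != 0)   /* clear inherited supplementary groups */
        return -1;
    if (setgid(gid) != 0)          /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)          /* real, effective and saved uid */
        return -1;
    /* If the saved uid were still 0 this call would succeed: report failure. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (creds_snapshot(&c) != 0)
        return -1;
    return creds_fully_dropped(&c, uid, gid) ? 0 : -1;
}

/* Stand-alone demo: run as root to see a verified drop to 65534/65534 (the
 * usual "nobody" ids, assumed here); as an ordinary user setgroups() fails
 * with EPERM and the function reports -1. */
int main(void)
{
    int rc = drop_privileges(65534, 65534);
    printf("drop_privileges: %s (uid=%d euid=%d gid=%d egid=%d)\n",
           rc == 0 ? "verified" : "FAILED",
           (int)getuid(), (int)geteuid(), (int)getgid(), (int)getegid());
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The verification step is the part the two advisories show is worth having: a configure-script mistake that compiles out a `setegid()` call, or a `-runas` path that changes the uid but not the group list, both pass the individual syscalls and only show up when the final credentials are compared against the target. The same snapshot can be taken from outside the process by reading `Uid:`, `Gid:` and `Groups:` in `/proc/<pid>/status` on Linux to audit a running daemon.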